Connection authentication in wireless communication network system

ABSTRACT

In a wireless communication network system of the invention, in response to a request for connection authentication sent from each of multiple wireless communication terminals to a base station to establish a communication link, a link management module receives authentication information of each wireless communication terminal, which is generated corresponding to a piece of identification information allocated by an identification information management module and registered in the wireless communication terminal, from the wireless communication terminal via a wireless network. The link management module compares the authentication information received from the wireless communication terminal with multiple possible options of authentication information generated corresponding to multiple different pieces of identification information allocated by the identification information management module, and authenticates the wireless communication terminal that has sent the authentication information matching with one of the multiple possible options of authentication information. The identification information management module manages a mapping of each specific piece of identification information, which corresponds to a specific option of authentication information matching with the authentication information of the authenticated wireless communication terminal, to the authenticated wireless communication terminal. This arrangement of the invention assures simple, convenient, and safe authentication of multiple wireless communication terminals, while unequivocally identifying a process utilized by each user and the user&#39;s wireless communication terminal.

TECHNICAL FIELD

The present invention relates to a technique of connectionauthentication performed to establish wireless communication between awireless communication terminal having control functions of a basestation (hereafter may be referred to as ‘access point’) and wirelesscommunication terminals under control of the base station (hereafter maysimply be referred to as ‘terminals’) in a wireless communicationnetwork system that utilizes a wireless communication standard, such asBluetooth, for data transfer.

BACKGROUND ART

Various electronic devices (wireless communication terminals) withBluetooth (abbreviated as BT) wireless communication functions have beendeveloped. Multiple electronic devices with these functions (hereafterreferred to as ‘BT terminals’) are interconnected to form a network. Forexample, one BT terminal as a master (hereafter may be referred to as‘BT access point’ or simply as ‘access point’) is connectable with themaximum of seven BT terminals as slaves (hereafter may be referred tosimply as ‘terminals’) to constitute a network called Piconet. Themaster controls one or multiple slaves connected thereto and establishescommunication with the slaves. Data packets and control packets aretransmittable only between the master and the respective slaves, whiledirect communication between the slaves is not allowed.

In such wireless communication network systems, mutual connectionauthentication between the master and the respective slaves is generallyrequired prior to actual data transmission.

Connection authentication-related techniques have been proposed, forexample, in Japanese Patent Laid-Open Gazettes No. 2001-197150, No.2001-285956, and No. 2001-223692.

There is a print service system in a public place, for example, in afamily restaurant, that prints images based on image files stored ineach user's digital camera (BT terminal) via a service providing server(BT access point). Each user utilizes a print service processindividually provided by the service providing server to receive adesired print service through the display on a monitor located at eachtable in the restaurant.

Each user naturally demands to refer to image files stored in the user'sown digital camera, select desired image files for printing, and give aprinting instruction of the selected image files. For example, a user U1utilizes a process PS1 to select desired image files for printing amongimage files stored in the user's own digital camera CM1 and give aprinting instruction of the selected image files. In the case where theimage files stored in the digital camera CM1 are acceptable by anotherprocess utilized by another user U2 as well as by the process PS1, theuser U2 can illegally check and print the image files belonging to theuser U1. In the print service system where multiple digital cameras (BTterminals) are connectable to the service providing server (BT accesspoint), it is essential to allow only one digital camera CM1 owned byone user U1 to make connection and communication with the process PS1utilized by the user U1, while allowing only another digital camera CM2owned by another user U2 to make connection and communication with theprocess PS2 utilized by the user U2.

The BT terminal has a 48-bit identifier called BT address. This BTaddress is an identifier inherent to each device. Notification of the BTaddress given to the user's digital camera to the process utilized bythe user enables the service providing server to unequivocally identifythe mapping of the digital camera to the process. Such notification alsoensures transfer of the information on the digital camera to theidentified process. Connection authentication is performed with entriesof a common PIN code (Personal Identification Number) between the BTterminal and the process utilized by the user. The successful connectionauthentication proves normal communication between the service providingserver as the access point and the digital camera as the BT terminal.

The service providing server located in a public place naturally doesnot have the information on the mapping of the general users to the BTaddresses given to the respective BT terminals owned by the individualusers. Each user of the service providing server is thus required tonotify the assigned process of the BT address of the own BT terminal.There are two available methods for such notification: (1) direct entryof the BT address; and (2) selection from a list of BT terminalsconnectable to the BT access point. The method (1) requires the user toaccurately enter the 48-bit BT address. The method (2) requires the userto accurately select the own BT terminal based on the 48-bit BT address.The user's wrong entry or selection causes the user to fail in receivingthe desired service. The user's wrong entry or selection may also causethe user to make access to another person's BT terminal. This isundesirable from the viewpoint of privacy protection.

The service system located in a public place to provide various servicesaccordingly demands a technique of simple, convenient, and safeauthentication of a normal communication link between the BT accesspoint and each BT terminal without requiring the user's entry orselection of the BT address given to the BT terminal. Another demandedtechnique unequivocally identifies the mapping of the process utilizedby each user to the user's own BT terminal.

The problems described above are not restricted to the wirelesscommunication network systems where multiple BT terminals are connectedto one BT access point, but are commonly found in any wirelesscommunication network systems that utilize diversity of wirelesscommunication standards, as well as the BT standard, for data transfer.

The technique of the invention thus aims to eliminate the drawbacks ofthe prior art techniques discussed above and is applied to a wirelesscommunication network system including an access point of wirelesscommunication (base station) connected to multiple wirelesscommunication terminals to assure simple, convenient, and safeauthentication of the multiple wireless communication terminals and tounequivocally identify the mapping of the process utilized by each userto the user's BT terminal.

DISCLOSURE OF THE INVENTION

In order to attain at least part of the above and the other relatedobjects, the present invention is directed to a wireless communicationnetwork system including a base station and multiple wirelesscommunication terminals connecting with the base station via a wirelessnetwork. The base station includes: an identification informationmanagement module that allocates multiple different pieces ofidentification information to be registered respectively in the multiplewireless communication terminals; and a link management module thatmanages a communication link between the base station and each of themultiple wireless communication terminals.

In response to a request for connection authentication sent from each ofthe multiple wireless communication terminals to the base station toestablish a communication link, the link management module receivesauthentication information of each wireless communication terminal,which is generated corresponding to a piece of identificationinformation allocated by the identification information managementmodule and registered in the wireless communication terminal, from thewireless communication terminal via the wireless network. The linkmanagement module compares the authentication information received fromthe wireless communication terminal with multiple possible options ofauthentication information generated corresponding to the multipledifferent pieces of identification information allocated by theidentification information management module, and authenticates thewireless communication terminal that has sent the authenticationinformation matching with one of the multiple possible options ofauthentication information. The identification information managementmodule manages a mapping of each specific piece of identificationinformation, which corresponds to a specific option of authenticationinformation matching with the authentication information of theauthenticated wireless communication terminal, to the authenticatedwireless communication terminal.

This arrangement of the wireless communication network system ensuressimple, convenient, and safe authentication of each of the multiplewireless communication terminals, which has sent a request forconnection authentication to establish connection with the base station,based on each piece of identification information allocated by theidentification information management module and registered in thewireless communication terminal. This arrangement also enablesidentification of each piece of identification information registered ineach authenticated wireless communication terminal.

In one preferable embodiment of the wireless communication networksystem having the above configuration, the base station further includesa process providing module that respectively provides the multiplewireless communication terminals with corresponding multiple processes.The identification information management module respectively notifiesthe multiple wireless communication terminals of the multiple differentpieces of identification information via the corresponding processes andmanages a mapping of the respective processes to the notified pieces ofidentification information, prior to the request for connectionauthentication sent from each of the multiple wireless communicationterminals to the base station.

This arrangement effectively identifies the relation between eachprocess and each authenticated wireless communication terminal andthereby enables establishment of wireless communication with theauthenticated wireless communication terminal according to theidentified process.

A wireless communication standard adopted in the wireless network may beBluetooth.

The present invention is also directed to another wireless communicationnetwork system including a base station and multiple wirelesscommunication terminals connecting with the base station via a wirelessnetwork. The base station includes: a process providing device thatincludes a process provider module for providing multiple processes anda first wireless control module; and a wireless communication devicethat includes a wireless communication module and a second wirelesscontrol module, and is connected to the process providing device via apreset line and makes wireless communication with each of the multiplewireless communication terminals by the wireless communication module.

The first wireless control module has an identification informationallocation management module that allocates multiple different pieces offirst identification information to the multiple processes and manages amapping of the multiple processes to the allocated multiple differentpieces of first identification information. The second wireless controlmodule has: an identification information management module thatregisters and stores the multiple different pieces of firstidentification information allocated by the identification informationallocation management module; and a link management module that managesa communication link with each of the multiple wireless communicationterminals.

In response to a request for connection authentication sent from each ofthe multiple wireless communication terminals to the base station toestablish wireless communication, each of the multiple wirelesscommunication terminals generates second authentication informationcorresponding to each registered piece of second identificationinformation and sends the generated second authentication information tothe base station via the wireless network. The link management modulereceives the second authentication information, generates multiplepossible options of first authentication information corresponding tothe multiple different pieces of first identification information storedin the identification information management module, compares thereceived second authentication information with the generated multiplepossible options of first authentication information, and authenticatesthe wireless communication terminal that has sent the secondauthentication information matching with one of the multiple possibleoptions of first authentication information.

This arrangement also ensures simple, convenient, and safeauthentication of each of the multiple wireless communication terminals,which has sent a request for connection authentication to establishconnection with the base station.

In one preferable embodiment of the wireless communication networksystem having the above configuration, the identification informationmanagement module manages a mapping of each specific piece of firstidentification information, which corresponds to a specific option offirst authentication information matching with the second authenticationinformation of the authenticated wireless communication terminal, to theauthenticated wireless communication terminal.

This arrangement effectively identifies the piece of secondidentification information registered in each authenticated wirelesscommunication terminal.

In another preferable embodiment of the wireless communication networksystem having the above configuration, in response to a first controlcommand defined in a logic interface mounted on the preset line, thefirst wireless control module notifies the second wireless controlmodule via the logic interface of the multiple different pieces of firstidentification information to be registered in the identificationinformation management module.

This arrangement enables each piece of first identification informationallocated to each process by the identification information allocationmanagement module of the first wireless control module to be readilyregistered in the identification information management module of thesecond wireless control module.

In one preferable structure of the above embodiment, on registration ofthe multiple different pieces of first identification information in theidentification information management module, the second wirelesscontrol module notifies the first wireless control module via the logicinterface of multiple different pieces of specific information, whichrespectively correspond to the registered multiple different pieces offirst identification information. The identification informationallocation management module manages a mapping of the multiple differentpieces of first identification information to the corresponding multipledifferent pieces of specific information. On authentication of eachwireless communication terminal by the link management module, thesecond wireless control module notifies the first wireless controlmodule via the logic interface of a particular piece of specificinformation, which is mapped to a particular piece of firstidentification information corresponding to a particular possible optionof first authentication information matching with the secondauthentication information. The identification information allocationmanagement module identifies a process corresponding to the particularpiece of first identification information mapped to the notifiedparticular piece of specific information.

In another preferable structure of the above embodiment, in response toa second control command defined in the logic interface, the secondwireless control module notifies the first wireless control module viathe logic interface of a particular piece of first identificationinformation, which corresponds to a particular possible option of firstauthentication information matching with the second authenticationinformation. The identification information allocation management moduleidentifies a process corresponding to the notified particular piece offirst identification information.

Either of these structures effectively identifies each authenticatedwireless communication terminal and a corresponding process.

A wireless communication standard adopted in the wireless network may beBluetooth, and the logic interface may be a host control interface.

The technique of the invention is actualized by diversity of otherapplications, for example, a wireless communication network, a basestation for the network, an authentication method for establishing acommunication link between a base station and each of multiple wirelesscommunication terminals connecting therewith, and a computer programproduct of causing a computer installed in a base station to establish acommunication link with each of multiple wireless communicationterminals via a wireless network.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 schematically illustrates a print service providing system as onecommunication network system according to the technique of theinvention;

FIG. 2 is a functional block diagram schematically illustrating theconfiguration of a sever PSV;

FIG. 3 is a functional block diagram schematically illustrating theconfiguration of a digital camera CM1;

FIG. 4 shows the principle of connection authentication;

FIG. 5 shows the principle of connection authentication;

FIG. 6 shows the principle of connection authentication;

FIG. 7 shows a procedure of connection authentication executed in anembodiment;

FIG. 8 shows the procedure of connection authentication executed in theembodiment;

FIG. 9 shows the procedure of connection authentication executed in theembodiment;

FIG. 10 is a functional block diagram schematically illustrating theconfiguration of a server PSV′;

FIG. 11 is a functional block diagram schematically illustrating theconfiguration of a digital camera CM1′;

FIG. 12 shows potential problems arising in connection authenticationperformed at establishment of communication links according to theprinciple of the BT communication standard;

FIG. 13 shows a PIN code registration process in the procedure ofconnection authentication of a second embodiment performed atestablishment of communication links;

FIG. 14 shows a process of connection authentication at establishment ofcommunication links performed after registration of PIN codes in thecase of prohibition of multiple connections via one registered PIN code;

FIG. 15 shows a process of connection authentication at establishment ofcommunication links performed after registration of PIN codes in thecase of permission of multiple connections via one registered PIN code;

FIG. 16 shows potential problems arising in connection authenticationperformed after establishment of communication links according to theprinciple of the BT communication standard;

FIG. 17 shows a PIN code registration process in the procedure ofconnection authentication of a second embodiment performed afterestablishment of communication links;

FIG. 18 shows a process of connection authentication after establishmentof communication links;

FIG. 19 shows the process of connection authentication afterestablishment of communication links; and

FIG. 20 schematically illustrates the configuration of a print serviceproviding system as one modified example of the communication networksystem of the invention.

BEST MODES OF CARRYING OUT THE INVENTION

Some modes of carrying out the invention are discussed below aspreferred embodiments in the following sequence:

A. First Embodiment

A.1. Configuration of Print Service Providing System

A.2. Connection Authentication

-   -   A.2.1. Principle of Connection Authentication    -   A.2.2. Problems    -   A.2.3. Connection Authentication of Embodiment

A.3. Effects

B. Second Embodiment

B.1. Configuration of Print Service Providing System

B.2. Connection Authentication at Establishment of Links

-   -   B.2.1. Problems    -   B.2.2. Connection Authentication of Embodiment

B.3. Connection Authentication after Establishment of Links

-   -   B.3.1. Problems    -   B.3.2. Connection Authentication of Embodiment

B.4. Effects

C. Modifications

A. First Embodiment

A.1. Configuration of Print Service Providing System

FIG. 1 schematically illustrates a print service providing system as onecommunication network system according to the technique of theinvention. The print service providing system includes a server PSV toprovide print services and a printer PR connected to the server PSV.

The server PSV has BT communication functions and works as a BT accesspoint (base station). According to the BT standard, seven BT terminals(wireless communication terminals) at the maximum are connectable to theserver PSV. Seven monitors DP1 to DP7 are accordingly linked to theserver PSV to enable the maximum of seven users to simultaneouslyreceive the print services.

The server PSV provides the respective users with processes PS1 to PS7of the print services through the displays on the monitors DP1 to DP7.The processes PS1 to PS7 represent functional blocks to controlinterfaces with the respective users and various services provided bythe server to the respective users, for example, the print services inthis embodiment. Each user utilizes the process of the print serviceprovided through the display on the monitor to receive the print serviceand print images stored in the user's own BT terminal with the printerPR.

In the print service providing system of FIG. 1, seven digital camerasCM1 to CM7 as the maximum number of BT terminals (slaves) connectablewith the server PSV are located in a communication range (coverage) WAof the server PSV as the BT access point (master).

FIG. 2 is a functional block diagram schematically illustrating theconfiguration of the sever PSV. The server PSV has a BT control module20, a BT wireless communication module 30, a service providing module40, and a printer control module 50. The server PSV naturally includesinternal storage devices and various control modules, as well asdiversity of peripheral devices, for example, external storage devicesand wired communication devices, and interfaces, for example, displayinterfaces and input interfaces, generally included in the computer.These components are, however, not directly related to thecharacteristics of the invention and are thus neither illustrated norexplained here.

The BT control module 20 controls wireless communication made by the BTwireless communication module 30. The BT control module 20 includes alink management module 22 that manages required connectionauthentication for establishment of communication links with therespective digital cameras CM1 to CM7 and a PIN code management module(identification information management module) 24 that allocatesdifferent PIN codes (different pieces of identification information) tobe individually registered in the respective digital cameras CM1 to CM7.The respective processes PS1 to PS7 in the service providing module 40inform the individual users of the allocated PIN codes through thedisplay on the monitors DP1 to DP7. The operations of the linkmanagement module 22 will be discussed later in detail.

The service providing module 40 carries out the 1^(st) to the 7^(th)processes PS1 to PS7 to control the print services simultaneouslyprovided to seven users U1 to U7. The 1^(st) to the 7^(th) processes PS1to PS7 display a guidance window for providing the print services on thecorresponding 1^(st) to the 7^(th) monitors DP1 to DP7. The printservice providing system also includes 1^(st) to 7^(th) input devicesIP1 to IP7, for example, touch panels or tablets, corresponding to the1^(st) to the 7^(th) monitors DP1 to DP7, although these input devicesIP1 to IP7 are omitted from the illustration of FIG. 1. In response toentry and selection by each of the users U1 to U7 in the guidance windowdisplayed on the corresponding one of the monitors DP1 to DP7, thecorresponding one of the processes PS1 to PS7 makes the required printservice.

The printer control module 50 controls the operations of the printer PRin response to commands from each of the processes PS1 to PS7 in theservice providing module 40, so as to implement printing.

FIG. 3 is a functional block diagram schematically illustrating theconfiguration of the digital camera CM1. The functional block diagram ofFIG. 3 shows only the configuration required for wireless communicationwith the server PSV in the print service providing system of FIG. 1.Imaging function-related components and other essential components ofthe camera are omitted from the illustration of FIG. 3.

The digital camera CM1 includes an operation unit 120, a BT controlmodule 130, a BT wireless communication module 140, and a memory cardcontrol module 150. A memory card MC is attachable to and detachablefrom the digital camera CM1.

The operation unit 120 includes input means, such as switches and atouch panel, for operations of the digital camera and display means.

The BT control module 130 controls wireless communication made by the BTwireless communication module 140. The BT control module 130 includes alink management module 132 that manages required connectionauthentication for establishment of a communication link with the serverPSV. The operations of the link management module 132 will be discussedlater in detail.

The memory card control module 150 controls writing and reading of imagedata and other diverse data into and from the memory card MC. The imagedata stored in the memory card MC may be transferred to the server PSVvia the BT control module 130.

The other digital cameras CM2 to CM7 have the same configuration as thatof the digital camera CM1 shown in FIG. 3 to establish wirelesscommunication with the server PSV in the print service providing systemof FIG. 1.

In the print service providing system of the above configuration, when auser gives a start command of the print service in the window displayedon the monitor, image data stored in the memory card of the user'sdigital camera are transferred to a storage device (not shown) in theserver PSV and are displayed as a list of thumbnails or file names onthe monitor. When the user selects desired image data to be printed inthe list of image data and gives a print command, the selected imagedata are transferred from the server PSV to the printer PR (see FIG. 1)to be printed. Each user receives the independent print serviceaccording to the process provided through the display on the monitor.Namely this print service providing system enables each user to utilizethe process provided through the display on the monitor and receive theindividual print service.

A.2. Connection Authentication

In the print service providing system, establishment of the BT wirelesscommunication between the server PSV as the BT access point (master) andeach of the digital cameras CM1 to CM7 as the BT terminal (slave)requires Piconet synchronization between the master and each slave via asynchronization establishing phase according to the BT communicationstandard and a subsequent shift to a communication connection phase forpacket communication.

The communication connection phase has two processing statuses, that is,a connection status and a data transfer status. In the connectionstatus, control packets for establishing communication links and controlpackets relating to securities are sent and received, while actual datapackets are not transmitted. In the data transfer status, on the otherhand, actual data packets are sent and received.

The BT communication standard uses radio waves for the communicationmedium and accordingly does not have any physical restriction betweenterminals, unlike cables. The radial propagation of informationtransmitted by wireless requires securities to prevent improperconnection between the master and the slave and illegal interception.The BT communication standard is accordingly designed to, in response toa first shift to the connection status of the communication connectionphase via the synchronization establishing phase, prohibit a furthershift to the data transfer status for actual data transmission unlesscompletion of mutual connection authentication and encryption settingsbetween the master and the slave.

The description below sequentially regards the principle of connectionauthentication defined in the BT communication standard, potentialproblems arising in the conventional connection authentication, and theprocedure of connection authentication of this embodiment.

A.2.1. Principle of Connection Authentication

FIGS. 4 through 6 show the principle of connection authenticationaccording to the BT communication standard, on the assumption that theserver PSV provides only one process PS1 and only one digital camera CM1possessed by one user U1 is connected to the server PSV in the printservice providing system of FIG. 1. In the description below, the serverPSV and the digital camera CM1 may respectively be referred to as themaster and as the slave.

The BT securities are managed by 128-bit secret keys called link keys.Each link key represents a parameter for managing one-to-one securitybetween specified two terminals, and is not open to any third terminalor entity. Communication by a communication protocol on an upper layerthan the level of a link management layer is not allowed without thisparameter setting between the master and the slave. Prior to actualconnection authentication, the link management module 22 included in theBT control module 20 of the master (server PSV) and the link managementmodule 132 included in the BT control module 130 of the slave (digitalcamera CM1) cooperatively carry out a pairing process to generate linkkeys between the master and the slave. Mutual connection authenticationis then performed by both the master and the slave with the link keys.The detailed procedure of the standard pairing and connectionauthentication processes is described below.

(1) Pairing Process

In the pairing process, the master and the slave first agree on pairingas shown in FIG. 4. The master sends a control packet ‘LMP_in_rand’ tothe slave to require generation of an initialization key as a requestfor pairing with the slave. At this moment, the master generates a128-bit random number RAND_init as an initialization key generationrandom number used for generation of the initialization key and sendsthe initialization key generation random number RAND_init to the slave.

The slave sends back a control packet ‘LMP_accepted’ to accept therequest for pairing. This reaches an agreement on pairing between themaster and the slave. The slave otherwise sends back a control packet‘LMP_not_accepted’ to reject the request for pairing.

The master and the slave individually generate the initialization keys,in response to the agreement on pairing.

The initialization key is computed from three input parameters, a PINcode, a PIN code length, and the initialization key generation randomnumber RAND_mit, according to an initialization key algorithm (E22). Theinitialization key generation random number RAND_init has been sent fromthe master to the slave at the time of agreement on pairing. Input of anidentical PIN code in both the link management module 22 of the master(server PSV) and the link management module 132 of the slave (digitalcamera CM1) leads to generation of an identical initialization keyKinit.

When the user U1 operates the input device IP1 to enter a PIN code, theprocess PS1 causes the PIN code and the PIN code length to be input intothe link management module 22 of the master. Similarly when the user U1operates the input unit of the operation unit 120 to enter a PIN code,the PIN code and the PIN code length are input into the link managementmodule 132 of the slave. The PIN code entered by the user is avariable-length value of maximum 16 bytes (128 bits). When the PIN codelength of the input PIN code is less than 16 bytes, adequate digits aresupplemented.

The master and the slave then make a negotiation on setting of acomposite key to a link key as shown in FIG. 5. The master sends acontrol packet ‘LMP_comb_key’ to the slave to request registration of acomposite key as a link key. At this moment, the master generates a128-bit random number LK_RAND_A as a 1^(st) composite key generationrandom number used for generation of a composite key and sends thecomposite key generation random number LK_RAND_A to the slave.

Similarly the slave sends a control packet ‘LMP_comb_key’ to the master.At this moment, the slave generates a 128-bit random number LK_RAND_B asa 2^(nd) composite key generation random number and sends the compositekey generation random number LK_RAND_B to the master.

These composite key generation random numbers LK_RAND_A and LK_RAND_Bare to be not open to any third terminal or entity. The masteraccordingly sends an exclusive OR of the initialization key Kinit andthe 1^(st) composite key generation random number LK_RAND_A to theslave, whereas the slave sends an exclusive OR of the initialization keyKinit and the 2^(nd) composite key generation random number LK_RAND_B tothe master. The master and the slave mutually exchange the 1^(st)composite key generation random number LK_RAND_A and the 2^(nd)composite key generation random number LK_RAND_B by computing anexclusive OR of the initialization key Kinit and the received exclusiveOR.

In response to the successful negotiation between the master and theslave on setting of the composite key to the link key, the master andthe slave individually generate composite keys.

The composite key is generated as an exclusive OR of a temporary singlekey of the master and a temporary single key of the slave. The temporarysingle key of the master is computed from two input parameters, a BTaddress BD_ADDR_A of the master and the 1^(st) composite key generationrandom number LK_RAND_A, according to a single key algorithm (E21). Thetemporary single key of the slave is computed from two input parameters,a BT address BD_ADDR_B of the slave and the 2^(nd) composite keygeneration random number LK_RAND_B, according to the single keyalgorithm (E21).

The two composite key generation random numbers LK_RAND_A and LK_RAND_Bare exchanged between the master and the slave at the negotiation. Therespective BT addresses BD_ADDR_A and BD_ADDR_B are exchanged betweenthe master and the slave in the synchronization establishing phase andare known parameters to both the master and the slave. The master andthe slave are thus expected to individually generate identical temporarysingle keys LK_KA of the master and identical temporary single keysLK_KB of the slave and thereby to individually generate identicalcomposite keys Kcomb as an exclusive OR of these two identical temporarysingle keys LK_KA and LK_KB. The individually generated composite keysKcomb are set to link keys Linkey and are registered respectively innon-illustrated memories of the master and the slave.

(2) Connection Authentication Process

Connection authentication is then performed with the link keys Linkeyindividually generated and set by the master and the slave as shown inFIG. 6. The slave first gives an authentication request to the masterand the master then gives an authentication request to the slave formutual connection authentication.

The master sends a control packet ‘LMP_au_rand’ to the slave. At thismoment, the master generates a 128-bit authentication challenge randomnumber AU_RAND and sends the authentication challenge random numberAU_RAND to the slave. The master also computes an authenticationresponse parameter SRES_B′ from three input parameters, the link keyLinkey (=Kcomb), the BT address BD_ADDR_B of the slave, and theauthentication challenge random number AU_RAND, according to aconnection authentication algorithm (E1).

The slave receives the authentication challenge random number AU_RAND inthe control packet ‘LMP_au_rand’ and similarly computes anauthentication response parameter SRES_B from three input parameters,the link key Linkey (=Kcomb), the BT address BD_ADDR_B of the slave, andthe authentication challenge random number AU_RAND, according to theconnection authentication algorithm (E1). The slave subsequently sends acontrol packet ‘LMP_sres’ to the master to request the master to performconnection authentication. At this moment, the slave sends the computedauthentication response parameter SRES_B in the control packet‘LMP_sres’ to the master.

The master receives the authentication response parameter SRES_B andcompares the received authentication response parameter SRES_B with thecomputed authentication response parameter SRES_B′ to give permissionfor or place a prohibition on connection with the slave. This completesauthentication of the slave performed by the master.

An authentication request by the master is given in the oppositedirection to the authentication request by the slave. The slave firstsends a control packet ‘LMP_au_rand’ to the master. At this moment, theslave generates a 128-bit authentication challenge random number AU_RANDand sends the authentication challenge random number AU_RAND to themaster. The slave also computes an authentication response parameterSRES_A′ from three input parameters, the link key Linkey (=Kcomb), theBT address BD_ADDR_A of the master, and the authentication challengerandom number AU_RAND, according to the connection authenticationalgorithm (E1).

The master receives the authentication challenge random number AU_RANDin the control packet ‘LMP_au_rand’ and similarly computes anauthentication response parameter SRES_A from three input parameters,the link key Linkey (=Kcomb), the BT address BD_ADDR_A of the master,and the authentication challenge random number AU_RAND, according to theconnection authentication algorithm (E1). The master subsequently sendsa control packet ‘LMP_sres’ to the slave to request the slave to performconnection authentication. At this moment, the master sends the computedauthentication response parameter SRES_A in the control packet‘LMP_sres’ to the slave.

The slave receives the authentication response parameter SRES_A andcompares the received authentication response parameter SRES_A with thecomputed authentication response parameter SRES_A′ to give permissionfor or place a prohibition on connection with the master. This completesauthentication of the master performed by the slave.

The successful authentication by both the master and the slave completesthe connection authentication. Generation of different link keys by themaster and the slave, that is, a difference in any of the commonparameters used for generation of the link keys, leads to inconsistencyof the computed authentication response parameters and resulting failurein establishment of connection. This technique ensures security betweenthe master and the slave.

A.2.2. Problems

The principle discussed above is successfully applied to connectionauthentication in the case of connection of only one slave (BT terminal)to one master (BT access point). The connection authentication accordingto the above principle, however, has some problems in the case ofsimultaneous connection of the multiple digital cameras CM1 to CM7 asthe slaves to the server PSV as the master to constitute one Piconet asin the print service providing system of the embodiment shown in FIG. 1.

One available technique sets a common PIN code to be used in the Piconetand gives the common PIN code to the respective users U1 to U7 throughthe display on the monitors DP1 to DP7. The given common PIN code isinput into the own digital cameras CM1 to CM7 by the respective users U1to U7.

Individual connection authentications between the respective digitalcameras CM1 to CM7 and the server PSV according to the above principleenable establishment of the respective communication links. In thiscase, only the inherent BT addresses are usable as the identificationparameter for discriminating the seven digital cameras CM1 to CM7. Forone-to-one mapping of the seven digital cameras CM1 to CM7 to the sevenprocesses PS1 to PS7 used by the seven users U1 to U7 with a common PINcode, the respective users U1 to U7 are required to notify thecorresponding processes PS1 to PS7 of the inherent BT addresses of theown digital cameras CM1 to CM7. As described above as the drawbacks ofthe prior art technique, it is rather undesirable to ask suchnotification to the general users.

Another available technique allocates different PIN codes PIN_1 to PIN_7to the processes PS1 to PS7 used by the respective users U1 to U7 andgives the allocated PIN codes PIN_1 to PIN_7 to the respective users U1to U7 through the display on the monitors DP1 to DP7. The given PINcodes PIN_1 to PIN_7 are input into the own digital cameras CM1 to CM7by the respective users U1 to U7.

The master is notified of the PIN codes PIN_1 to PIN_7 allocated to therespective processes PS1 to PS7. The PIN code is, however, not directlyused for actual transmission of data packets between the master and theslaves in the synchronization establishing phase or the communicationconnection phase as described previously. The master or the server PSVis accordingly not informed of which of the seven different PIN codes isinput in which of the seven slaves or the seven digital cameras CM1 toCM7. This leads to failed specification of an adequate link key, whichis generated corresponding to one of the seven PIN codes, to be used foreach of the seven digital cameras CM1 to CM7 in the process ofconnection authentication between the respective digital cameras CM1 toCM7 and the server PSV.

Connection authentication is, however, possible even in this case. Thetechnique sequentially selects one of the seven PIN codes PIN_1 to PIN_7for each of the seven digital cameras CM1 to CM7 and performs theconnection authentication according to the principle discussed above.The 1^(st) digital camera requires up to 7 cycles of the connectionauthentication. The 2^(nd), 3^(rd), 4^(th), 5^(th), 6^(th), and 7^(th)digital cameras respectively require up to 6 cycles, 5 cycles, 4 cycles,3 cycles, 2 cycles, and 1 cycle of the connection authentication. Namelythe maximum of 28 cycles of the connection authentication enable theseven digital cameras CM1 to CM7 to be one-to-one mapped to the sevenprocesses PS1 to PS7 used by the seven users U1 to U7.

This technique is, however, remarkably inefficient to require up to 28cycles of the connection authentication for completed connectionauthentication with regard to all the seven digital cameras CM1 to CM7.

The embodiment accordingly adopts the following technique for connectionauthentication.

A.2.3. Connection Authentication of Embodiment

FIGS. 7 through 9 show a procedure of connection authentication executedin this embodiment. The procedure of connection authentication shown inFIGS. 7 through 9 is on the assumption that the server PSV provides the1^(st) to the 7^(th) processes PS1 to PS7 as shown in FIG. 1. Thefollowing description specifically regards connection authenticationbetween the 1^(st) digital camera CM1 and the server PSV amongconnection authentications between the server PSV and the respectivedigital cameras CM1 to CM7 possessed by the seven users U1 to U7. In thedescription below, the server PSV and the 1^(st) digital camera CM1 mayrespectively be referred to as the master and as the slave.

The connection authentication procedure of this embodiment basicallyfollows the sequence of the principle discussed above. The linkmanagement module 22 included in the BT control module 20 of the master(server PSV) and the link management module 132 included in the BTcontrol module 130 of the slave (1^(st) digital camera CM1)cooperatively carry out a pairing process to generate link keys betweenthe master and the slave. Mutual connection authentication is thenperformed by both the master and the slave with the link keys. Thedetailed procedure of the pairing and connection authenticationprocesses of the embodiment is described below.

(1) Pairing Process

In the pairing process, the master and the slave first agree on pairingas shown in FIG. 7. The master sends a control packet ‘LMP_in_rand’ tothe slave to require generation of an initialization key as a requestfor pairing with the slave. The master generates an initialization keygeneration random number RAND_init and sends the initialization keygeneration random number RAND_init to the slave.

The slave sends back a control packet ‘LMP accepted’ to accept therequest for pairing. This reaches an agreement on pairing between themaster and the slave. The master and the slave then individuallygenerate the initialization keys, in response to the agreement onpairing.

In the master, PIN codes allocated to the respective processes PS1 toPS7 by the PIN code management module 24 (see FIG. 2) and respective PINcode lengths are input into the link management module 22.Initialization keys Kinit_1 to Kinit_7 respectively corresponding to theinput PIN codes are computed according to the initialization keyalgorithm (E22) as shown by Expressions (a1) to (a7) given below. Inthis example, the PIN codes allocated to the respective processes PS1 toPS7 are PIN_1 to PIN_7 and have PIN code lengths PIN_1_Lng to PIN_7_Lng:Kinit _(—)1=E22(RAND _(—) nit,PIN _(—)1,PIN _(—)1_(—) Lng)  (a1)Kinit _(—)2=E22(RAND _(—) init,PIN _(—)2,PIN _(—)2_(—) Lng)  (a2)Kinit _(—)3=E22(RAND _(—) mit,PIN _(—)3,PIN _(—)3_(—) Lng)  (a3)Kinit _(—)4=E22(RAND _(—) init,PIN _(—)4,PIN _(—)4_(—) Lng)  (a4)Kinit _(—)5=E22(RAND _(—) init,PIN _(—)5,PIN _(—)5_(—) Lng)  (a5)Kinit _(—)6=E22(RAND _(—) init,PIN _(—)6,PIN _(—)6_(—) Lng)  (a6)Kinit _(—)7=E22(RAND _(—) init,PIN _(—)7,PIN _(—)7_(—) Lng)  (a7)

The user U1 of the 1^(st) digital camera CM1 operates the operation unit120 (see FIG. 1) to enter the PIN code PIN_1 allocated to the 1^(st)process PS1 into the slave. The link management module 132 then receivesthe PIN code PIN_1 and its PIN code length PIN_1_Lng. An initializationkey Kinit_trm is computed according to the initialization key algorithm(E22) as shown by Expression (b1) given below:Kinit _(—) trm=E22(RAND _(—) init,PIN _(—)1,PIN _(—)1_(—) Lng)  (b1)

The master and the slave then make a negotiation on setting of acomposite key to a link key as shown in FIG. 8. The master sends acontrol packet ‘LMP_comb_key’ to the slave to request registration of acomposite key as a link key.

In the principle of connection authentication discussed above, themaster generates the 1^(st) composite key generation random numberLK_RAND_A, computes an exclusive OR of the initialization key Kinit andthe 1^(st) composite key generation random number LK_RAND_A, and sendsthe result of the exclusive OR in the control packet ‘LMP_comb_key’ tothe slave, as shown in FIG. 5. The embodiment, however, can not adoptthe same procedure, since the master has computed seven possible optionsof the initialization key Kinit_1 to Kinit_7.

In the system of the embodiment, the master generates a 128-bit randomnumber COMB_RAND_A and sends the COMB_RAND_A to the slave. Exclusive ORs(XORs) of the random number COMB_RAND_A and the respective possibleoptions of the initialization key Kinit_1 to Kinit_7 give seven possibleoptions of 1^(st) composite key generation random number LK_RAND_A_1 toLK_RAND_A_7 as shown by Expressions (c1) to (c7) given below:LK _(—) RAND _(—) A _(—)1=(COMB _(—) RAND _(—) A)XOR(Kinit _(—)1)  (c1)LK _(—) RAND _(—) A _(—)2=(COMB _(—) RAND _(—) A)XOR(Kinit _(—)2)  (c2)LK _(—) RAND _(—) A _(—)3=(COMB _(—) RAND _(—) A)XOR(Kinit _(—)3)  (c3)LK _(—) RAND _(—) A _(—)4=(COMB _(—) RAND _(—) A)XOR(Kinit _(—)4)  (c4)LK _(—) RAND _(—) A _(—)5=(COMB _(—) RAND _(—) A)XOR(Kinit _(—)5)  (c5)LK _(—) RAND _(—) A _(—)6=(COMB _(—) RAND _(—) A)XOR(Kinit _(—)6)  (c6)LK _(—) RAND _(—) A _(—)7=(COMB _(—) RAND _(—) A)XOR(Kinit _(—)7)  (c7)

Similarly the slave computes an exclusive OR (XOR) of the random numberCOMB_RAND_A sent from the master and the initialization key Knit_trm togive a 1^(st) composite key generation random number LK_RAND_A_trm asshown by Expression (d1) given below:LK _(—) RAND _(—) A _(—) trm=(COMB _(—) RAND _(—) A)XOR(Kinit _(—)trm)  (d1)

In the same manner as the principle of connection authentication shownin FIG. 5, the slave generates a 2^(nd) composite key generation randomnumber LK_RAND_B, computes an exclusive OR of the 2^(nd) composite keygeneration random number LK_RAND_B and the initialization key Kinit_trm,and sends the result of the exclusive OR as a random number COMB_RAND_Bin the control packet ‘LMP_comb_key’ to the master.

The master receives the random number COMB_RAND_B and computes exclusiveORs (XORs) of the received random number COMB_RAND_B and the possibleoptions of the initialization key Kinit_1 to Kinit_7 to give sevenpossible options of 2^(nd) composite key generation random numberLK_RAND_B_1 to LK_RAND_B_7 as shown by Expressions (e1) to (e7) givenbelow:LK _(—) RAND _(—) B _(—)1=(COMB _(—) RAND _(—) B)XOR(Kinit _(—)1)  (e1)LK _(—) RAND _(—) B _(—)2=(COMB _(—) RAND _(—) B)XOR(Kinit _(—)2)  (e2)LK _(—) RAND _(—) B _(—)3=(COMB _(—) RAND _(—) B)XOR(Kinit _(—)3)  (e3)LK _(—) RAND _(—) B _(—)4=(COMB _(—) RAND _(—) B)XOR(Kinit _(—)4)  (e4)LK _(—) RAND _(—) B _(—)5=(COMB _(—) RAND _(—) B)XOR(Kinit _(—)5)  (e5)LK _(—) RAND _(—) B _(—)6=(COMB _(—) RAND _(—) B)XOR(Kinit _(—)6)  (e6)LK _(—) RAND _(—) B _(—)7=(COMB _(—) RAND _(—) B)XOR(Kinit _(—)7)  (e7)

In response to the successful negotiation between the master and theslave on setting of the composite key to the link key, the master andthe slave individually generate composite keys.

The master executes the single key algorithm (E21) to compute possibleoptions of temporary single key of the master LK_KA_1 to LK_KA_7 andpossible options of temporary single key of the slave LK_KB_1 to LK_KB_7as shown by Expressions (f1) to (f7) and (g1) to (g7) given below:LK _(—) KA _(—)1=E21(LK _(—) RAND _(—) A _(—)1,BD _(—) ADDR _(—)A)  (f1)LK _(—) KA _(—)2=E21(LK _(—) RAND _(—) A _(—)2,BD _(—) ADDR _(—)A)  (f2)LK _(—) KA _(—)3=E21(LK _(—) RAND _(—) A _(—)3,BD _(—) ADDR _(—)A)  (f3)LK _(—) KA _(—)4=E21(LK _(—) RAND _(—) A _(—)4,BD _(—) ADDR _(—)A)  (f4)LK _(—) KA _(—)5=E21(LK _(—) RAND _(—) A _(—)5,BD _(—) ADDR _(—)A)  (f5)LK _(—) KA _(—)6=E21(LK _(—) RAND _(—) A _(—)6,BD _(—) ADDR _(—)A)  (f6)LK _(—) KA _(—)7=E21(LK _(—) RAND _(—) A _(—)7,BD _(—) ADDR _(—)A)  (f7)LK _(—) KB _(—)1=E21(LK _(—) RAND _(—) B _(—)1,BD _(—) ADDR _(—)B)  (g1)LK _(—) KB _(—)2=E21(LK _(—) RAND _(—) B _(—)2,BD _(—) ADDR _(—)B)  (g2)LK _(—) KB _(—)3=E21(LK _(—) RAND _(—) B _(—)3,BD _(—) ADDR _(—)B)  (g3)LK _(—) KB _(—)4=E21(LK _(—) RAND _(—) B _(—)4,BD _(—) ADDR _(—)B)  (g4)LK _(—) KB _(—)5=E21(LK _(—) RAND _(—) B _(—)5,BD _(—) ADDR _(—)B)  (g5)LK _(—) KB _(—)6=E21(LK _(—) RAND _(—) B _(—)6,BD _(—) ADDR _(—)B)  (g6)LK _(—) KB _(—)7=E21(LK _(—) RAND _(—) B _(—)7,BD _(—) ADDR _(—)B)  (g7)

Exclusive ORs (XORs) of the possible options of the temporary single keyof the master LK_KA_1 to LK_KA_7 and the possible options of thetemporary single key of the slave LK_KB_1 to LK_KB_7 give possibleoptions of composite key Kcomb_1 to Kcomb_7 as shown by Expressions (h1)to (h7) given below:Kcomb _(—)1=(LK _(—) KA _(—)1)XOR(LK _(—) KB _(—)1)  (h1)Kcomb _(—)2=(LK _(—) KA _(—)2)XOR(LK _(—) KB _(—)2)  (h2)Kcomb _(—)3=(LK _(—) KA _(—)3)XOR(LK _(—) KB _(—)3)  (h3)Kcomb _(—)4=(LK _(—) KA _(—)4)XOR(LK _(—) KB _(—)4)  (h4)Kcomb _(—)5=(LK _(—) KA _(—)5)XOR(LK _(—) KB _(—)5)  (h5)Kcomb _(—)6=(LK _(—) KA _(—)6)XOR(LK _(—) KB _(—)6)  (h6)Kcomb _(—)7=(LK _(—) KA _(—)7)XOR(LK _(—) KB _(—)7)  (h7)

Similarly the slave executes the single key algorithm (E21) to compute atemporary single key of the master LK_KA_trm and a temporary single keyof the slave LK_KB_trm as shown by Expressions (i1) and (j1) givenbelow:LK _(—) KA _(—) trm=E21(LK _(—) RAND _(—) A _(—) trm,BD _(—) ADDR _(—)A)  (i1)LK _(—) KB _(—) trm=E21(LK _(—) RAND _(—) B _(—) trm,BD _(—) ADDR _(—)B)  (j1)

An exclusive OR (XOR) of the temporary single key of the masterLK_KA_trm and the temporary single key of the slave LK_KB_trm gives acomposite key Kcomb_trm as shown by Expression (k1) given below:Kcomb _(—) trm=(LK _(—) KA _(—) trm)XOR(LK _(—) KB _(—) trm)  (k1)

The possible options of the composite key Kcomb_1 to Kcomb_7 generatedby the master are set to possible options of the link key Linkey and areregistered in the non-illustrated memory of the master. The compositekey Kcomb_trm generated by the slave is set to the link key Linkey andis registered in the non-illustrated memory of the slave.

(2) Connection Authentication Process

Connection authentication is then performed with the link keysindividually generated and set by the master and the slave as shown inFIG. 9. The slave first gives an authentication request to the masterand the master then gives an authentication request to the slave formutual connection authentication.

In the same manner as the principle of connection authentication shownin FIG. 6, the master generates an authentication challenge randomnumber AU_RAND and sends the authentication challenge random numberAU_RAND on a control packet ‘LMP_au_rand’ to the slave. The master alsoexecutes the connection authentication algorithm (E1) to compute anauthentication response parameter. Unlike the procedure of theprinciple, however, the master computes seven possible options of theauthentication response parameter SRES_1 to SRES_7 corresponding to theseven possible options of the composite key Kcomb_1 to Kcomb_7, whichare set to the possible options of the link key Linkey, as shown byExpressions (m1) to (m7) given below:SRES _(—)1=E1(Kcomb _(—)1,BD _(—) ADDR _(—) B,AU _(—) RAND)  (m1)SRES _(—)2=E1(Kcomb _(—)2,BD _(—) ADDR _(—) B,AU _(—) RAND)  (m2)SRES _(—)3=E1(Kcomb _(—)3,BD _(—) ADDR _(—) B,AU _(—) RAND)  (m3)SRES _(—)4=E1(Kcomb _(—)4,BD _(—) ADDR _(—) B,AU _(—) RAND)  (m4)SRES _(—)5=E1(Kcomb _(—)5,BD _(—) ADDR _(—) B,AU _(—) RAND)  (m5)SRES _(—)6=E1(Kcomb _(—)6,BD _(—) ADDR _(—) B,AU _(—) RAND)  (m6)SRES _(—)7=E1(Kcomb _(—)7,BD _(—) ADDR _(—) B,AU _(—) RAND)  (m7)

The slave receives the authentication challenge random number AU_RANDand computes an authentication response parameter SRES_trm as shown byExpression (n1) given below in the same manner as the principle ofconnection authentication discussed above:SRES _(—) trm=E1(Kcomb _(—) trm,BD _(—) ADDR _(—) B,AU _(—) RAND)  (n1)

The slave sends the computed authentication response parameter SRES_trmon a control packet ‘LMP_sres’ to the master to request the master toperform connection authentication.

The master receives the authentication response parameter SRES_trm andsuccessively compares the received authentication response parameterSRES_trm with the computed possible options of the authenticationresponse parameter SRES_1 to SRES_7 to find the matching option of theauthentication response parameter. In this example, only the 1^(st)option of the authentication response parameter SRES_1 matches with thereceived authentication response parameter SRES_trm. This completesconnection authentication of the 1^(st) digital camera CM1 as the slaveby the server PSV as the master in response to the connectionauthentication request from the slave. This connection authenticationgives one-to-one mapping of the 1^(st) digital camera CM1 to the 1^(st)process PS1, which is related to the 1^(st) PIN code PIN_1 used forcomputation of the 1^(st) option of the authentication responseparameter SRES_1.

On completion of the connection authentication in response to theconnection authentication request from the 1^(st) digital camera CM1 asthe slave to the server PSV as the master, connection authentication isperformed in response to a connection authentication request from theserver PSV as the master to the 1^(st) digital camera CM1 as the slave.In the same manner as the principle of connection authentication shownin FIG. 6, the slave generates an authentication challenge random numberAU_RAND and sends the authentication challenge random number AU_RAND inthe control packet ‘LMP_au_rand’ to the master. The slave also executesthe connection authentication algorithm (E1) to compute theauthentication response parameter SRES_trm as shown by Expression (n1)given above.

The master receives the authentication challenge random number AU_RANDand executes the connection authentication algorithm (E1) with the linkkey Linkey (=Kcomb_1 in this example), which is specified by theconnection authentication request from the slave, to compute theauthentication response parameter SRES_1 as shown by Expression (m1)given above. The master sends the computed authentication responseparameter SRES_1 in the control packet ‘LMP_sres’ to the slave torequest the slave to perform connection authentication.

The slave receives the authentication response parameter SRES_1 andcompares the received authentication response parameter SRES_1 with thecomputed authentication response parameter SRES_trm for matching. Thiscompletes authentication of the master performed by the slave.

The successful authentication by both the master and the slave completesthe connection authentication.

The other digital cameras CM2 to CM7 also perform the connectionauthentication according to the above procedure. The master is notrequired to use all the seven possible options of the authenticationresponse parameter, which are generated corresponding to the sevenpossible options of the composite key, for connection authentication ofeach of the seven digital cameras CM1 to CM7. The matching options ofthe authentication response parameter in the previous connectionauthentication may be excluded from the options for matching in thesubsequent connection authentication.

A.3. Effects

In the procedure of this embodiment described above, in response to theconnection authentication requests from the 1^(st) to the 7^(th) digitalcameras CM1 to CM7 as the slaves, the sever PSV as the master performsconnection authentication of the 1^(st) to the 7^(th) digital camerasCM1 to CM7, while identifying the PIN codes input respectively into the1^(st) to the 7^(th) digital cameras CM1 to CM7. The PIN code managementmodule 24 manages the PIN codes PIN_1 to PIN_7 allocated to the 1^(st)to the 7^(th) processes PS1 to PS7. The 1^(st) to the 7^(th) processesPS1 to PS7 utilized by the users U1 to U7 of the respective digitalcameras CM1 to CM7 are thus one-to-one mapped to the 1^(st) to the7^(th) digital cameras CM1 to CM7.

The connection authentication of this embodiment requires the user toenter only one simple PIN code into the own digital camera. The user isthen allowed to make the BT wireless communication with only onespecified process.

In the connection authentication of this embodiment, the sequence oftransmission of the control packets between the server PSV as the masterand the digital camera as the slave is consistent with the sequencedescribed in the principle of connection authentication. The digitalcamera as the slave is thus not required to have any special mechanismfor the connection authentication of this embodiment but advantageouslyutilizes the general BT communication functions to receive the printservice provided by the print service providing system of theembodiment.

The above example regards the connection authentication between theserver as the master and the digital camera as the slave. Thisrelationship is, however, not essential, and the connectionauthentication may be performed according to the same procedure betweenthe digital camera as the master and the server as the slave.

B. Second Embodiment

B.1. Configuration of Print Service Providing System

A server PSV′ as a BT access point (base station) and digital camerasCM1′ to CM7′ as BT terminals (wireless communication terminals) areconstructed as discussed below in a print service providing system of asecond embodiment.

FIG. 10 is a functional block diagram schematically illustrating theconfiguration of the server PSV′. The server PSV′ includes a computer200 as a service providing device that provides print services and a BTmodule 300 that is connected to the computer 200 and makes BT wirelesscommunication.

The service providing device 200 and the BT module 300 may beinterconnected by a physical IF (interface), such as a UART (UniversalAsynchronous Receiver Transmitter) or a USB (Universal Serial Bus), andare connected by the USB in this embodiment.

The service providing device 200 naturally includes internal storagedevices and various control modules, as well as diversity of peripheraldevices, for example, external storage devices and wired communicationdevices, and interfaces, for example, display interfaces and inputinterfaces, generally included in the computer. These components are,however, not directly related to the characteristics of the inventionand are thus neither illustrated nor explained here.

The service providing device 200 includes a service providing unit 210,a printer control unit 220, and a BT control unit 230. Like the serviceproviding module 40 of the first embodiment shown in FIG. 2, the serviceproviding unit 210 carries out 1^(st) to the 7^(th) processes PS1 to PS7to control the print services simultaneously provided to seven users U1to U7. The 1^(st) to the 7^(th) processes PS1 to PS7 display a guidancewindow for providing the print services on corresponding 1^(st) to7^(th) monitors DP1 to DP7 (not shown). There are 1^(st) to 7^(th) inputdevices IP1 to IP7 (not shown), for example, touch panels or tablets,corresponding to the 1^(st) to the 7^(th) monitors DP1 to DP7. Inresponse to entry and selection by each of the users U1 to U7 in theguidance window displayed on the corresponding one of the monitors DP1to DP7, the corresponding one of the processes PS1 to PS7 makes therequired print service. Like the printer control module 50 of the firstembodiment shown in FIG. 2, the printer control unit 220 controls theoperations of a printer PR (not shown) in response to commands from eachof the processes PS1 to PS7 in the service providing unit 210, so as toimplement printing. The BT control unit 30 controls wirelesscommunication made by the BT module 300.

The BT module 300 includes a BT control unit 310 and a BT wirelesscommunication unit 320. The BT wireless communication unit 320 has thefunctions of actually receiving and sending data by wireless and istypically a transceiver. The BT control unit 310 controls wirelesscommunication made by the BT wireless communication unit 320 accordingto the control by the BT control unit 230 of the service providingdevice 200.

In the description below, the BT control unit 230 of the serviceproviding device 200 and the BT control unit 310 of the BT module 300may respectively be called the ‘service-side BT control unit 230’ andthe ‘module-side BT control unit 310’.

The service-side BT control unit 230 has an HCI controller 234, whereasthe module-side BT control unit 310 has an HCI controller 316. These HCIcontrollers 234 and 316 are logic IFs mounted on the physical IFs forconnecting the service providing device 200 with the BT module 300, andcontrol communication between the service-side BT control unit 230 andthe module-side BT control unit 310 according to an HCI (Host ControlInterface) defined in the BT communication standard. In the descriptionbelow, the HCI controller 234 of the service-side BT control unit 230and the HCI controller 316 of the module-side BT control unit 310 mayrespectively be called the ‘service-side HCI controller 234’ and the‘module-side HCI controller 316’.

The service-side BT control unit 230 further includes a PIN codeallocation management unit 232, whereas the module-side BT control unit310 further includes a PIN code management unit 314. The PIN codeallocation management unit 232 generates multiple different PIN codes(multiple different pieces of identification information) to beallocated to the respective processes PS1 to PS7. The PIN codeallocation management unit 232 notifies the PIN code management unit 314of the allocated PIN codes via the respective HCI controllers 234 and316. The service-side BT control unit 230 receives informationrepresenting a mapping of connection handles for identifying therespective BT terminals as the other side of communication to the PINcodes used for connection authentication of communication from themodule-side BT control unit 310 and manages the received information.

The PIN code management unit 314 holds and manages the PIN codesnotified by the PIN code allocation management unit 232 via theservice-side HCI controller 234 and the module-side HCI controller 316.

The module-side BT control unit 310 also includes a link management unit312. The link management unit 312 manages required connectionauthentication for establishment of a communication link between each ofthe BT terminals (the digital cameras CM1′ to CM7′ in this embodiment)and the server PSV′ as the BT access point. The functions of the linkmanagement unit 312 are identical with the link management module 22 ofthe first embodiment shown in FIG. 2.

As clearly understood from the above explanation, the combination of theservice-side BT control unit 230 and the module-side BT control unit 310is equivalent to the BT control module 20 (see FIG. 2) in the server PSVof the first embodiment.

FIG. 11 is a functional block diagram schematically illustrating theconfiguration of the digital camera CM1′. The digital camera CM1′includes a computer 400 as a camera device having imaging functions anda BT module 500 that is connected to the computer 400 and makes BTwireless communication.

The camera device 400 and the BT module 500 may be interconnected via aphysical IF, such as a UART or a USB, and are connected by the USB inthis embodiment.

The illustration of FIG. 11 shows only part of the structure of thecamera device 400 related to the BT wireless communication with theserver PSV′, and essential components of the imaging device, forexample, the imaging functions, are omitted from the illustration.

The camera device 400 includes an operation unit 410, a BT control unit420, and a memory card control unit 430. Like the operation unit 120 ofthe first embodiment shown in FIG. 3, the operation unit 410 includesinput means, such as switches and a touch panel, for operations of thedigital camera and display means. The memory card control unit 430controls writing and reading of image data and other diverse data intoand from a non-illustrated memory card MC, like the memory card controlmodule 150 of the first embodiment shown in FIG. 3. The BT control unit420 controls wireless communication made by the BT module 500.

The BT module 500 includes a BT control unit 510 and a BT wirelesscommunication unit 520. The BT wireless communication unit 520 has thefunctions of actually receiving and sending data by wireless and istypically a transceiver. The BT control unit 510 controls wirelesscommunication made by the BT wireless communication unit 520 accordingto the control by the BT control unit 420 of the camera device 400.

In the description below, the BT control unit 420 of the camera device400 and the BT control unit 510 of the BT module 500 may respectively becalled the ‘camera-side BT control unit 420’ and the ‘module-side BTcontrol unit 510’.

The camera-side BT control unit 420 has an HCI controller 424, whereasthe module-side BT control unit 510 has an HCI controller 516. These HCIcontrollers 424 and 516 are logic IFs mounted on the physical IFs forconnecting the camera device 400 with the BT module 500, and controlcommunication between the camera-side BT control unit 420 and themodule-side BT control unit 510 according to the HCI (Host ControlInterface) defined in the BT communication standard. In the descriptionbelow, the HCI controller 424 of the camera-side BT control unit 420 andthe HCI controller 516 of the module-side BT control unit 510 mayrespectively be called the ‘camera-side HCI controller 424′ and the‘module-side HCI controller 516’.

The module-side BT control unit 510 further includes a link managementunit 512. The link management unit 512 manages required connectionauthentication for establishment of a communication link with the serverPSV′ as the BT access point. The functions of the link management unit512 are identical with the link management module 132 of the firstembodiment shown in FIG. 3.

Image data stored in the non-illustrated memory card MC are transferredto the server PSV′ via the camera-side BT control unit 420 and themodule-side BT control unit 510.

As clearly understood from the above explanation, the combination of thecamera-side BT control unit 420 and the module-side BT control unit 510is equivalent to the BT control module 130 (see FIG. 3) in the digitalcamera CM1 of the first embodiment.

In the print service providing system of the second embodiment, theother digital cameras CM2′ to CM7′ have the same structure related tothe wireless communication with the server PSV′ as that of the digitalcamera CM1′ shown in FIG. 11.

Like the print service providing system of the first embodiment (FIG.1), the print service providing system of the second embodimentincluding the server PSV′ connecting with the 1^(st) to the 7^(th)digital cameras CM1′ to CM7′ enables each user to utilize the processprovided through the display on the monitor and receive the individualprint service.

The connection authentication executed in the print service providingsystem of the second embodiment is described below in two differentsituations, that is, connection authentication at establishment ofcommunication links and connection authentication after establishment ofcommunication links.

B.2. Connection Authentication at Establishment of Links

The description sequentially regards potential problems arising inconnection authentication at establishment of communication links (ACL(Asynchronous Connection-Less) links) according to the principle of theBT communication standard and the procedure of connection authenticationof this embodiment.

B.2.1. Problems

FIG. 12 shows potential problems arising in connection authenticationperformed at establishment of communication links according to theprinciple of the BT communication standard. FIG. 12 shows the situationof connection authentication on the assumption that the PIN codeallocation management unit 232 and the PIN code management unit 314characteristic of the embodiment are omitted respectively from theservice-side BT control unit 230 and from the module-side BT controlunit 310 in the server PSV′ shown in FIG. 10. In the situation of FIG.12, the service providing unit 210 provides the 1^(st) to the 7^(th)processes PS1 to PS7 to connect the digital cameras CM1′ to CM7′possessed by the seven users U1 to U7 with this modified server PSV′.FIG. 12 specifically shows connection authentication between the 1^(st)digital camera CM1′ and the modified server PSV′ in mutual connectionauthentications between the respective digital cameras CM1′ to CM7′ andthe modified server PSV′. The 1^(st) to the 7^(th) processes PS1 to PS7of the service providing unit 210 provide the 1^(st) to the 7^(th) usersU1 to U7 with PIN codes to be input into the 1^(st) to the 7^(th)digital cameras CM1′ to CM7′ through the displays on the respectivemonitors (not shown). In the description below, this modified serverPSV′ may simply be called the server, and the 1^(st) to the 7^(th)digital cameras CM1′ to CM7′ may simply be called the cameras 1 to 7.The digital cameras may otherwise be called the BT terminals.

For establishment of a communication link, at a first step (S1) in theserver (see FIG. 10), the service-side HCI controller 234 of the serviceproviding device 200 enables a command parameter ‘Authentication_Enable’and sends a control command ‘HCI_Write_Authentication_Enable’ to themodule-side HCI controller 316 of the BT module 300. The commandparameter ‘Authentication_Enable’ is enabled or disabled for connectionauthentication at establishment of communication links. The output ofthe control command ‘HCI_Write_Authentication_Enable’ triggersauthentication in the course of establishment of a communication linkbetween the server and the BT terminal (camera 1). The service providingdevice 200 and the BT module 300 in the server make communication viathe service-side HCI controller 234 and the module-side HCI controller316, as described previously. In the description below, the expressionof ‘from the service-side HCI controller 234 of the service providingdevice 200 to the module-side HCI controller 316 of the BT module 300′may be abbreviated as ‘from the service providing device 200 to the BTmodule 300’ or as ‘from the service-side BT control unit 230 to themodule-side BT control unit 310’.

At a second step (S2) in the camera 1 (see FIG. 11), the camera-side HCIcontroller 424 of the camera device 400 sends a control command‘HCI_Create_Connection’ with the BT address of the server as a commandparameter (parameter name ‘BD_ADDR’) to the module-side HCI controller516 of the BT module 500. This triggers a paging process to send a pagefrom the camera 1 to the server. The server correspondingly sends back apage response to the camera 1. The camera device 400 and the BT module500 in the camera 1 make communication via the camera-side HCIcontroller 424 and the module-side HCI controller 516, as describedpreviously. In the description below, the expression of ‘from thecamera-side HCI controller 424 of the camera device 400 to themodule-side HCI controller 516 of the BT module 500′ may be abbreviatedas ‘from the camera device 400 to the BT module 500’ or as the‘camera-size BT control unit 420 to the module-side BT control unit510’.

The page and the page response transmitted between the server and thecamera 1 start connection authentication between the link managementunit 312 in the module-side BT control unit 310 of the server and thelink management unit 512 in the module-side BT control unit 510 of thecamera 1, since the authentication setting has been enabled at the firststep (S1).

In the first execution of connection authentication, the link managementunit 312 in the module-side BT control unit 310 of the server does nothave a link key required for authentication described in the firstembodiment. At a third step (S3) in the server, the BT module 300 sendsan event ‘HCI_Link_key_Request_event’ with the BT address of the BTterminal to be authenticated (camera 1 in this example) as the commandparameter (parameter name ‘BD_ADDR’) to the service providing device 200as a request for the link key.

As mentioned previously in the first embodiment as the problems of theconventional connection authentication, the service-side BT control unit230 is not informed of the BT address of the BT terminal (camera 1) andaccordingly can not send back a corresponding link key. At a fourth step(S4) in the server, the service providing device 200 sends a controlcommand ‘HCI_Link_Key_Negative_Request_reply’ to the BT module 300 togive a negative response to the request for the link key. After thefirst connection authentication, the service-side BT control unit 230possesses the information on the mapping of the BT address of the BTterminal to the link key and can thus send back the link key in acontrol command ‘HCI_Link_Key_Request_reply’ to the BT module 300.

The link management unit 312 in the module-side BT control unit 310 ofthe server starts the pairing process as described in the firstembodiment. A PIN code is essential for this pairing process. At a fifthstep (S5) in the server, the BT module 300 sends an event‘HCI_PIN_Code_Request_event’ with the BT address of the camera 1 as thecommand parameter ‘BD_ADDR’ to the service providing device 200 as arequest for the PIN code.

As mentioned previously in the first embodiment as the problems of theconventional connection authentication, the service-side BT control unit230 is not informed of the BT address of the BT terminal (camera 1). Theservice-side BT control unit 230 possesses the information on the PINcodes provides by the respective processes PS1 to PS7, while not beingnotified of the mapping of the PIN codes to the BT addresses inherent tothe BT terminals (digital cameras CM1′ to CM7′) that have received theinputs of the PIN codes. The service-side BT control unit 230 can thusnot send back a PIN code corresponding to the BT address of the requestsender. At a sixth step (S6) in the server, the service providing device200 sends a control command ‘HCI_PIN_Code_Negative_Request_reply’ togive a negative response to the request for the PIN code.

The link management unit 312 in the module-side BT control unit 310 ofthe server can thus not implement the pairing process or the connectionauthentication process described in the first embodiment and fails inconnection between the server and the camera 1. At a seventh step (S7)in the server, the BT module 300 sends an event‘HCI_Connection_Complete_event’, which includes a status (parameter name‘Status’) representing the result of establishment of a communicationlink (succeeded/failed), the BT address of the camera 1 (parameter name‘BD_ADDR’), and a connection handle (parameter name ‘Connection Handle’)as parameters, to the service providing device 200, which is thusinformed of failed connection. At an eighth step (S8) in the camera 1,the BT module 500 similarly sends an event‘HCI_Connection_Complete_event’ including the status, the BT address ofthe server, and the connection handle as the parameters to the cameradevice 400, which is thus informed of failed connection.

The above description regards the process of connection authenticationat establishment of communication links between the server and the BTterminals (digital cameras CM1′ to CM7′), on the assumption that the PINcode allocation management unit 232 and the PIN code management unit 314are omitted respectively from the service-side BT control unit 230 andfrom the module-side BT control unit 310 of the server. In the server ofthis partly omitted configuration, the module-side BT control module 310of the BT module 300 sends an inquiry about the PIN code of each BTterminal to be authenticated to the service-side BT control unit 230 ofthe service providing device 200. The service-side BT control unit 230can not, however, send back the required PIN code to the module-side BTcontrol unit 310. This results in failed connection authentication.

The system of the second embodiment adopts the procedure described belowto implement connection authentication at establishment of communicationlinks.

B.2.2. Connection Authentication of Embodiment

As in the case of the print service providing system of the firstembodiment (FIG. 1), the following description is on the assumption thatthe service providing unit 210 of the server PSV′ provides the 1^(st) tothe 7^(th) processes PS1 to PS7 as shown in FIG. 10. The followingdescription specifically regards connection authentication between the1^(st) digital camera CM1′ (FIG. 11) and the server PSV′ amongconnection authentications between the server PSV’ and the respectivedigital cameras CM1′ to CM7′ possessed by the seven users U1 to U7.

In the system of this embodiment, the service-side BT control unit 230in the service providing device 200 of the server PSV′ has the PIN codeallocation management unit 232. The PIN code allocation management unit232 allocates the PIN codes to the respective processes PS1 to PS7 andmanages their mapping. The module-side BT control unit 310 in the BTmodule 300 of the server PSV′ has the PIN code management unit 314. Theconnection authentication of the embodiment is performed atestablishment of communication links after registration of the PIN codesallocated by the PIN code allocation management unit 232 into the PINcode management unit 314, as described below.

(1) PIN Code Registration

FIG. 13 shows a PIN code registration process executed at establishmentof communication links.

The HCI in the BT communication standard allows the user to define acontrol code. A user-defined control command is accordingly utilized forthe PIN code registration process.

The user defines, for example, a control command ‘HCI_WriteStoredCode’,which is to be sent from the service-side HCI control unit 234 to themodule-side HCI control unit 316. The control command specifies threeparameters ‘PIN_Code’, ‘PIN_Code_Length’, and ‘Multiple Connections’.The parameter ‘PIN_Code’ represents a PIN code allocated by the PIN codeallocation management unit 232. The parameter ‘PIN_Code_Length’represents the length of the PIN code. The parameter ‘MultipleConnections’ represents permission or prohibition of multipleconnections via the identical PIN code.

The control command having the above definition is used for registrationof each PIN code. At a first step (S1), the service providing device 200sends the control command ‘HCI_WriteStoredCode’ to the BT module 300.The BT module 300 accordingly receives information on a PIN codeallocated to one of the processes PS1 to PS7 by the PIN code allocationmanagement unit 232, its PIN code length, and permission or prohibitionof multiple connections via the PIN code. The received information isregistered into the PIN code management unit 314 of the module-side BTcontrol unit 310. At a second step (S2), the BT module 300 sends anevent ‘HCI_Complete_event’ to the service providing device 200. Theservice providing device 200 is thus notified of a status representingeither succeeded registration or failed registration (parameter name‘Status’) and a connection handle (parameter name ‘Connection_Handle’).In the case of prohibition of multiple connections, a reserved valuerelated to only the registered PIN code is sent as the connectionhandle. The PIN code allocation management unit 232 manages the receivedconnection handle representing the reserved value with the correspondingPIN code. In the case of permission of multiple connections, on theother hand, the connection handle has no significance and is set to atypically defined arbitrary value.

The first step (S1) and the second step (S2) of the registration processare repeated seven times. The seven PIN codes allocated to the 1^(st) tothe 7^(th) processes PS1 to PS7 are accordingly registered as possibleoptions usable for authentication into the PIN code management unit 314of the module-side BT control unit 310.

Establishment of communication links and connection authenticationfollow the PIN code registration. The subsequent processing flow partlydepends upon the permission or prohibition of multiple connections viaone identical PIN code. The procedure of connection authentication inthe case of prohibition of multiple connections and that in the case ofpermission of multiple connections are thus described separately.

(2) Establishment of Communication Links and Connection Authentication(Multiple Connections=Prohibited)

FIG. 14 shows a process of connection authentication at establishment ofcommunication links performed after registration of PIN codes in thecase of prohibition of multiple connections via one registered PIN code.This procedure of establishment of communication links basically followsthe principle of the BT communication standard.

At a first step (S1) in the server (FIG. 10), the service providingdevice 200 sends a control command ‘HCI_Write_Authentication_Enable’ tothe BT module 300 to enable connection authentication at establishmentof a communication link. The output of the control command‘HCI_Write_Authentication_Enable’ triggers authentication in the courseof establishment of a communication link between the server and the BTterminal (camera 1).

At a second step (S2) in the camera 1 (FIG. 11), the camera device 400sends a control command ‘HCI_Create_Connection’ with the BT address ofthe server as the command parameter (parameter name ‘BD_ADDR’) to the BTmodule 500. This triggers a paging process to send a page from thecamera 1 to the server. The server correspondingly sends back a pageresponse to the camera 1.

The page and the page response transmitted between the server and thecamera 1 start connection authentication between the link managementunit 312 in the module-side BT control unit 310 of the server (FIG. 10)and the link management unit 512 in the module-side BT control unit 510of the camera 1 (FIG. 11). The link management unit 312 in themodule-side BT control unit 310 of the server does not have a link keyrequired for authentication described in the first embodiment. At athird step (S3) in the server, the BT module 300 sends an event‘HCI_Link_key_Request_event’ with the BT address of the BT terminal tobe authenticated (camera 1) as the command parameter (parameter name‘BD_ADDR’) to the service providing device 200 as a request for the linkkey. As described previously, the service-side BT control unit 230 isnot informed of the BT address of the BT terminal (camera 1) andaccordingly can not send back a corresponding link key. At a fourth step(S4) in the server, the service providing device 200 sends a controlcommand ‘HCI_Link_Key_Negative_Request_reply’ to the BT module 300 togive a negative response to the request for the link key.

The link management unit 312 in the module-side BT control unit 310 ofthe server and the link management unit 512 in the module-side BTcontrol unit 510 of the camera 1 then execute the pairing and connectionauthentication processes as described in the first embodiment.

A PIN code is essential for the pairing process. The possible options ofthe PIN code required for connection authentication have been registeredin the PIN code management unit 314 of the module-side BT control unit310 of the server and enable execution of the connection authenticationprocess. At a fifth step (S5) in the camera 1, the BT module 500 sendsan event ‘HCI_PIN_Code_Request_event’ with the BT address of the serveras the command parameter (parameter name ‘BD_ADDR’) to the camera device400 as a request for the PIN code. At a sixth step (S6) in the camera 1,the camera device 400 sends a control command‘HCI_PIN_Code_Request_reply’ to the BT module 500, which is thusnotified of a PIN code (parameter name ‘PIN_Code’) and its PIN codelength (parameter name ‘PIN_Code_Length’). The PIN code and the PIN codelength notified here are identical with the PIN code and the PIN codelength given to the user (U1) through the display on the monitor andentered into the user's own BT terminal (camera 1). The PIN code may beentered into the camera 1 at the fifth step of inquiry about the PINcode or may be entered in advance.

As described in the first embodiment, after generation of link keys bythe pairing and connection authentication processes between the serverand the camera 1, at a seventh step (S7) in the server, the BT module300 sends an event ‘HCI_Link_key_Notification_event’ to the serviceproviding device 200, which is thus notified of the generated link key(parameter name ‘Link_Key’) and the type of the link key (parameter name‘Key_type’). Similarly at an eighth step (S8) in the camera 1, the BTmodule 500 sends an event ‘HCI_Link_key_Notification_event’ to thecamera device 400, which is thus notified of the generated link key andthe type of the link key.

At a ninth step (S9) in the server, the BT module 300 sends an event‘HCI_Connection_Complete_event’ to the service providing device 200,which is thus notified of a status representing either a succeededcommunication link or a failed communication link (parameter name‘Status’) and a connection handle representing a reserved value relatedto the PIN code used for connection authentication (parameter name‘Connection_Handle’). Similarly at a tenth step (S10) in the camera 1,the BT module 500 sends an event ‘HCI_Connection_Complete_event’ to thecamera device 400, which is thus notified of the status representingeither a succeeded communication link or a failed communication link(parameter name ‘Status’) and the connection handle (parameter name‘Connection_Handle’). This establishes a communication link between theserver and the camera 1 and completes the connection authentication.

The PIN code allocation management unit 232 in the service-side BTcontrol unit 230 of the server unequivocally maps the PIN code and theconnection handle to the process and manages the mapping. The serveruses the connection handle notified at the ninth step (S9) to specifythe PIN code of the BT terminal (camera 1) as the object of connectionauthentication and the process mapped to the PIN code, thus identifyingthe user utilizing the process as the object of connectionauthentication.

(3) Establishment of Communication Links and Connection Authentication(Multiple Connections=Allowed)

FIG. 15 shows a process of connection authentication at establishment ofcommunication links performed after registration of PIN codes in thecase of permission of multiple connections via one registered PIN code.The procedure of establishment of communication links in this case isbasically identical with the procedure in the case of prohibition ofmultiple connections via one PIN code (see FIG. 14). Execution of thefirst step (S1) to the tenth step (S10) implements authentication in thecourse of establishment of a communication link between the server andthe BT terminal (camera 1).

The connection handles notified at the ninth step (S9) and at the tenthstep (S10) in the case of permission of multiple connections aredifferent from the connection handles notified at the ninth step (S9)and at the tenth step (S10) in the case of prohibition of multipleconnections (see FIG. 14). Each of the connection handles in this caseis not a reserved value related to the PIN code used for connectionauthentication but is an arbitrary value typically defined in the PINcode registration process.

One identical PIN code may be used for connection authentication betweenthe server PSV′ and multiple BT terminals (digital cameras CM1′ toCM7′). The connection handle in the case of permission of multipleconnections is not the reserved value related to the PIN code, unlikethe connection handle in the case of prohibition of multipleconnections. In the case of permission of multiple connections, the PINcode and the connection handle are not unequivocally mapped to theprocess in the PIN code registration process. This leads to failedidentification of the PIN code used for authentication and failedmapping of the connected BT terminal to the PIN code, thus causingfailed identification of the mapping of the PIN code to the process.

The procedure of this embodiment accordingly allows the user to definean HCI control command.

The user defines a control command ‘HCI_Check_PIN_Code’, which is to besent from the module-side HCI control unit 316 to the service-side HCIcontrol unit 234 in the server PSV′. This control command specifies theBT address of the BT terminal as the object of connection (parametername ‘BD_ADDR’).

The control command having the above definition is used for an inquiryabout the PIN code. At an eleventh step (S11), the service providingdevice 200 sends the control command ‘HCI_Check_PIN_Code’ to the BTmodule 300 as a request for the PIN code. At a twelfth step (S12), theBT module 300 sends an event ‘HCI_Command_Complete_event’ to the serviceproviding device 200, which is thus notified of the PIN code used forconnection authentication of the BT terminal having the specified BTaddress (camera 1).

This specifies the PIN code of the BT terminal (camera 1) as the objectof connection authentication and the process mapped to the PIN code,thus identifying the user utilizing the process as the object ofconnection authentication.

B.3. Connection Authentication after Establishment of Links

The description sequentially regards potential problems arising inconnection authentication after establishment of communication links(ACL (Asynchronous Connection-Less) links) according to the principle ofthe BT communication standard and the procedure of connectionauthentication of this embodiment.

B.3.1. Problems

FIG. 16 shows potential problems arising in connection authenticationperformed after establishment of communication links according to theprinciple of the BT communication standard. As described previously inthe potential problems at establishment of communication links (see FIG.12), FIG. 16 shows the situation of connection authentication on theassumption that the PIN code allocation management unit 232 and the PINcode management unit 314 characteristic of the embodiment are omittedrespectively from the service-side BT control unit 230 and from themodule-side BT control unit 310 in the server PSV’ shown in FIG. 10. Inthe situation of FIG. 16, the service providing unit 210 provides the1^(st) to the 7^(th) processes PS1 to PS7 to connect the digital camerasCM1′ to CM7′ possessed by the seven users U1 to U7 with this modifiedserver PSV′. FIG. 16 specifically shows connection authenticationbetween the 1^(st) digital camera CM1‘and the modified server PSV’ inmutual connection authentications between the respective digital camerasCM1′ to CM7‘and the modified server PSV’. The 1^(st) to the 7^(th)processes PS1 to PS7 of the service providing unit 210 provide the1^(st) to the 7^(th) users U1 to U7 with PIN codes to be input into the1^(st) to the 7^(th) digital cameras CM1′ to CM7′ through the displayson the respective monitors (not shown). In the description below, thismodified server PSV′ may simply be called the server, and the 1^(st) tothe 7^(th) digital cameras CM1′ to CM7′ may simply be called the cameras1 to 7. The digital cameras may otherwise be called the BT terminals.

On establishment of a communication link (ALC link) between the serverand the BT terminal (camera 1 in this example), the BT module 300 of theserver (FIG. 10) sends an event ‘HCI_Connection_Complete_event’ to theservice providing device 200, which is thus notified of a statusrepresenting either succeeded establishment or failed establishment of acommunication link (parameter name ‘Status’), the BT address of theconnected BT terminal (camera 1) (parameter name ‘BD_ADDR’), and aconnection handle representing a typically defined arbitrary value(parameter name ‘Connection_Handle’). Similarly the BT module 500 of thecamera 1 (FIG. 11) sends an event ‘HCI_Connection_Complete_event’ to thecamera device 400, which is thus notified of the status (parameter name‘Status’), the BT address of the server (parameter name ‘BD_ADDR’), andthe connection handle (parameter name ‘Connection_Handle’).

At a first step (S1) in the server, the service providing device 200sends a control command ‘HCI_Authentication_Requested’ with theconnection handle notified at establishment of a communication link as acommand parameter (parameter name ‘Connection_Handle’) to the BT module300. This triggers connection authentication by the link management unit312 in the module-side BT control unit 310 of the BT module 300. Thelink management unit 312 does not have a link key required forauthentication described in the first embodiment. At a second step (S2)in the server, the BT module 300 sends an event‘HCI_Link_key_Request_event’ with the BT address of the BT terminal tobe authenticated (camera 1 in this example) as the command parameter(parameter name ‘BD_ADDR’) to the service providing device 200 as arequest for the link key. The service-side BT control unit 230 is notinformed of the BT address of the BT terminal (camera 1) and accordinglycan not send back a corresponding link key. At a third step (S3) in theserver, the service providing device 200 sends a control command‘HCI_Link_Key_Negative_Request_reply’ to the BT module 300 to give anegative response to the request for the link key.

The link management unit 312 in the module-side BT control unit 310 ofthe server starts the pairing process as described in the firstembodiment. A PIN code is essential for this pairing process. At afourth step (S4) in the server, the BT module 300 sends an event‘HCI_PIN_Code_Request_event’ with the BT address of the camera 1 as thecommand parameter (parameter name ‘BD_ADDR’) to the service providingdevice 200 as a request for the PIN code.

As mentioned previously in the first embodiment as the problems of theconventional connection authentication, the service-side BT control unit230 is not informed of the BT address of the BT terminal (camera 1). Theservice-side BT control unit 230 possesses the information on the PINcodes provides by the respective processes PS1 to PS7, while not beingnotified of the mapping of the PIN codes to the BT addresses inherent tothe BT terminals (digital cameras CM1′ to CM7′) that have received theinputs of the PIN codes. The service-side BT control unit 230 can thusnot send back a PIN code corresponding to the BT address of the requestsender. At a fifth step (S5) in the server, the service providing device200 sends a control command ‘HCI_PIN_Code_Negative_Request_reply’ togive a negative response to the request for the PIN code.

The link management unit 312 in the module-side BT control unit 310 ofthe server can thus not implement the pairing process or the connectionauthentication process described in the first embodiment and fails inconnection authentication between the server and the camera 1. At asixth step (S6) in the server, the BT module 300 sends an event‘HCI_Authentication_Complete_event’ with a status representing eithersucceeded connection authentication or failed connection authentication(parameter name ‘Status’) and a connection handle set at the start ofconnection authentication (parameter name ‘Connection_Handle’) ascommand parameters to the service providing device 200. The serviceproviding device 200 is thus notified of failed authentication.

The above description regards the process of connection authenticationafter establishment of communication links between the server and the BTterminals (digital cameras CM1′ to CM7′), on the assumption that the PINcode allocation management unit 232 and the PIN code management unit 314are omitted respectively from the service-side BT control unit 230 andfrom the module-side BT control unit 310 of the server. In the server ofthis partly omitted configuration, the module-side BT control module 310of the BT module 300 sends an inquiry about the PIN code of each BTterminal to be authenticated to the service-side BT control unit 230 ofthe service providing device 200. The service-side BT control unit 230can not, however, send back the required PIN code to the module-side BTcontrol unit 310. This results in failed connection authentication.

The system of the second embodiment adopts the procedure described belowto implement connection authentication after establishment ofcommunication links.

B.3.2. Connection Authentication of Embodiment

As in the case of the print service providing system of the firstembodiment (FIG. 1), the following description is on the assumption thatthe service providing unit 210 of the server PSV′ provides the 1^(st) tothe 7^(th) processes PS1 to PS7 as shown in FIG. 10. The followingdescription specifically regards connection authentication between the1^(st) digital camera CM1‘and the server PSV′ among connectionauthentications between the server PSV′ and the respective digitalcameras CM1′ to CM7′ possessed by the seven users U1 to U7.

In the procedure of connection authentication after establishment ofcommunication links, each PIN code allocated to the PIN code allocationmanagement unit 232 is registered in the PIN code management unit 314,prior to connection authentication, as described below.

(1) PIN Code Registration

FIG. 17 shows a PIN code registration process in the procedure ofconnection authentication of the embodiment performed afterestablishment of communication links.

On establishment of a communication link (ALC link), the BT module 300of the server (FIG. 10) sends an event ‘HCI_Connection_Complete_event’to the service providing device 200, which is thus notified of thestatus (parameter name ‘Status’), the BT address (parameter name‘BD_ADDR’), and the connection handle (parameter name‘Connection_Handle’). In the same manner as the PIN code registrationprocess at establishment of communication links (see FIG. 13), at afirst step (S1) in the server, the service providing device 200 sends acontrol command ‘HCI_WriteStoredCode’ to the BT module 300. The BTmodule 300 accordingly receives information on a PIN code, its PIN codelength, and permission or prohibition of multiple connections via thePIN code. The received information is registered into the PIN codemanagement unit 314 of the module-side BT control unit 310. The controlcommand ‘HCI_WriteStoredCode’ is identical with the user-defined controlcommand in the procedure of connection authentication at establishmentof communication links. At a second step (S2) in the server, the BTmodule 300 sends an event ‘HCI_Complete_event’ to the service providingdevice 200, which is thus notified of a status representing eithersucceeded registration or failed registration (parameter ‘Status’) and aconnection handle (parameter name ‘Connection_Handle’). The connectionhandle is set to a typically defined arbitrary value, regardless ofpermission or prohibition of multiple connections.

The first step (S1) and the second step (S2) of the registration processare repeated seven times. The seven PIN codes allocated to the 1^(st) tothe 7^(th) processes PS1 to PS7 are accordingly registered as possibleoptions usable for authentication into the PIN code management unit 314of the module-side BT control unit 310.

Connection authentication follows the PIN code registration. Thesubsequent processing flow does not depend upon the permission orprohibition of multiple connections via one identical PIN code. Thefollowing description regards the case of prohibition of multipleconnections.

(2) Connection Authentication (Multiple Connections=Prohibited)

FIGS. 18 and 19 show a process of connection authentication afterestablishment of communication links. This procedure of connectionauthentication basically follows the principle of the BT communicationstandard.

At a first step (S1) in the server (FIG. 10), the service providingdevice 200 sends a control command ‘HCI_Authentication_Requested’ withthe connection handle notified at establishment of a communication linkas a command parameter (parameter name ‘Connection_Handle’) to the BTmodule 300. This triggers connection authentication by the linkmanagement unit 312 in the module-side BT control unit 310 of the BTmodule 300 (FIG. 10). As described above in the problems, the linkmanagement unit 312 does not have a link key required for authenticationdescribed in the first embodiment. At a second step (S2) in the server,the BT module 300 sends an event ‘HCI_Link_key_Request_event’ with theBT address of the BT terminal to be authenticated (camera 1 in thisexample) as the command parameter (parameter name ‘BD_ADDR’) to theservice providing device 200 as a request for the link key. As describedabove in the problems, the service-side BT control unit 230 is notinformed of the BT address of the BT terminal (camera 1) and accordinglycan not send back a corresponding link key. At a third step (S3) in theserver, the service providing device 200 sends a control command‘HCI_Link_Key_Negative_Request_reply’ to the BT module 300 to give anegative response to the request for the link key.

The link management unit 312 in the module-side BT control unit 310 ofthe server and the link management unit 512 in the module-side BTcontrol unit 510 of the camera 1 then execute the pairing and connectionauthentication processes as described in the first embodiment.

A PIN code is essential for the pairing process. The possible options ofthe PIN code required for connection authentication have been registeredin the PIN code management unit 314 of the module-side BT control unit310 of the server and enable execution of the connection authenticationprocess. At a fourth step (S4) in the camera 1, the BT module 500 sendsan event ‘HCI_PIN_Code_Request_event’ with the BT address of the serveras the command parameter (parameter name ‘BD_ADDR’) to the camera device400 as a request for the PIN code. At a fifth step (S5) in the camera 1,the camera device 400 sends a control command‘HCI_PIN_Code_Request_reply’ to the BT module 500, which is thusnotified of a PIN code (parameter name ‘PIN_Code’) and its PIN codelength (parameter name ‘PIN_Code_Length’). The PIN code and the PIN codelength notified here are identical with the PIN code and the PIN codelength given to the user (U1) through the display on the monitor andentered into the user's own BT terminal (camera 1). The PIN code may beentered into the camera 1 at the fourth step of inquiry about the PINcode or may be entered in advance.

As described in the first embodiment, after generation of link keys bythe pairing and connection authentication processes between the serverand the camera 1, at a sixth step (S6) in the server, the BT module 300sends an event ‘HCI_Link_key_Notification_event’ to the serviceproviding device 200, which is thus notified of the generated link key(parameter name ‘Link_Key’) and the type of the link key (parameter name‘Key_type’). Similarly at a seventh step (S7) in the camera 1, the BTmodule 500 sends an event ‘HCI_Link_key_Notification_event’ to thecamera device 400, which is thus notified of the generated link key andthe type of the link key.

At an eighth step (S8) in the server, the BT module 300 sends an event‘HCI_Authentication_Complete_event’ to the service providing device 200,which is thus notified of a status representing a result of connectionauthentication (parameter name ‘Status’) and a connection handle(parameter name ‘Connection_Handle’).

The above procedure enables connection authentication between the serverand the camera 1 even in the case of permission of multiple connectionsvia one PIN code, like the procedure of connection authentication atestablishment of communication links (FIG. 15). Each registered PIN codeis, however, not one-to-one mapped to the connection handle. This leadsto failed identification of the PIN code used for authentication andfailed mapping of the connected BT terminal to the PIN code, thuscausing failed identification of the mapping of the PIN code to theprocess.

The procedure of this embodiment accordingly carries out additionalsteps, which are identical with the eleventh and twelfth steps (see FIG.15) in the procedure of connection authentication performed atestablishment of communication links in the case of permission ofmultiple connections via one registered PIN code. As shown in FIG. 19,at a ninth step (S9), the service providing device 200 sends a controlcommand ‘HCI_Check_PIN_Code’ to the BT module 300 as a request for thePIN code. The control command ‘HCI_Check_PIN_Code’ is identical with theuser-defined control command in the procedure of connectionauthentication at establishment of communication links. At a tenth step(S10), the BT module 300 sends an event ‘HCI_Command_Complete_event’ tothe service providing device 200, which is thus notified of the PIN codeused for connection authentication of the BT terminal having thespecified BT address (camera 1).

This specifies the PIN code of the BT terminal (camera 1) as the objectof connection authentication and the process mapped to the PIN code,thus identifying the user utilizing the process as the object ofconnection authentication.

B.4. Effects

In the procedure of the second embodiment described above, in responseto the connection authentication requests from the 1^(st) to the 7^(th)digital cameras CM1′ to CM7′, the sever PSV’ performs connectionauthentication of the 1^(st) to the 7^(th) digital cameras CM1′ to CM7′,while identifying the PIN codes input respectively into the 1^(st) tothe 7^(th) digital cameras CM1′ to CM7′. The PIN code allocationmanagement unit 234 manages the mapping of the allocated PIN codes tothe 1^(st) to the 7^(th) processes PS1 to PS7. The digital cameras CM1′to CM7′ are thus one-to-one mapped to the 1^(st) to the 7^(th) processesPS1 to PS7 utilized by the users U1 to U7 of the respective digitalcameras.

The connection authentication of this embodiment requires the user toenter only one simple PIN code into the own digital camera. The user isthen allowed to make the BT wireless communication with only onespecified process.

In the server PSV′ of this embodiment, registration of the PIN codesallocated to the respective processes and check of each PIN code usedfor connection authentication are implemented between the PIN codeallocation management unit 234 included in the service-side BT controlunit 230 of the service providing device 200 and the PIN code managementunit 314 included in the module-side BT control unit 310 of the BTmodule 300. The connection authentication procedure of this embodimentthus newly adds the control command ‘HCI_WriteStoredPinCode’ forcontrolling the PIN code registration and the control code‘HCI_Check_PIN_Code’ for controlling the PIN code check to the generalcontrol commands of the logic IF (HCI) defined in the BT communicationstandard between the service providing device 200 and the BT module 300in the server PSV′. The specification of the HCI generally allowsaddition of user-defined commands. Addition of these control commands isthus in conformity with the specification of the HCI.

In the connection authentication of this embodiment, the communicationprocedure between the server PSV′ and the BT terminals (1^(st) to 7^(th)digital cameras CM1′ to CM7′) is consistent with the general connectionauthentication procedure in the BT communication standard. The digitalcamera as the BT terminal to be connected to the server is thus notrequired to have any special mechanism for the connection authenticationof this embodiment but advantageously utilizes the general BTcommunication functions to receive the print service provided by theprint service providing system of the embodiment.

In the structure of this embodiment, the BT module 300 is linked to theservice providing device 200 in the server PSV′, whereas the BT module500 is linked to the camera device 400 in each digital camera as the BTterminal connected to the server PSV′ as shown in FIG. 11. Thisstructure is only illustrative to explain addition of the new controlcommands to the logic IF (HCI) between the service providing device 200and the BT module 300 in the server PSV′. The digital camera of thefirst embodiment (see FIG. 3) may alternatively be used as the BTterminal connected to the server PSV’ of the second embodiment.

C. Modifications

The embodiments discussed above are to be considered in all aspects asillustrative and not restrictive. There may be many modifications,changes, and alterations without departing from the scope or spirit ofthe main characteristics of the present invention. Some examples ofpossible modification are given below.

C1. MODIFIED EXAMPLE 1

FIG. 20 schematically illustrates the configuration of a print serviceproviding system as one modified example of the communication networksystem of the invention. The print service providing system may beconstructed to include multiple servers as BT access points, which areinterconnected via a wired network. The print service providing systemillustrated in FIG. 20 includes two servers PSV1 and PSV2, to which thetotal of fourteen digital cameras CM1 to CM14 are connected. The sevendigital cameras CM1 to CM7 enter a communication range WA1 of the firstserver PSV1, while the other seven digital cameras CM8 to CM14 enter acommunication range WA2 of the second server PSV2.

Each BT access point performs the connection authentication describedabove to map the user's digital cameras to the processes utilized by therespective users. When the communication ranges of the two BT accesspoints partly overlap, a digital camera in the overlapped area isconnectable with either of the two BT access points. In the illustratedexample of FIG. 20, the loth digital camera CM10 is in the overlappedarea of the two communication ranges WA1 and WA2. In this case, theaccess point making connection with the loth digital camera CM10 is notfixed. The two servers as the access points accordingly exchange theinformation on the PIN codes allocated to the processes provided by therespective servers and generate possible options of link keyscorresponding to all these PIN codes.

C2. MODIFIED EXAMPLE 2

In the print service providing systems of the above embodiments, theservice providing module or the service providing device in the serverprovides seven processes PS1 to PS7. In one possible modification, sevenclient terminals connected to the server via a wired network mayrespectively provide seven processes PS1 to PS7.

C3. MODIFIED EXAMPLE 3

The embodiments and their modifications regard the print serviceproviding systems as the communication network system of the invention.The technique of the invention is, however, not restricted to the printservice providing systems but may be applied to diversity of other BTcommunication network systems.

C4. MODIFIED EXAMPLE 4

The above embodiments describe the BT communication network systems. Thetechnique of the invention is, however, not restricted to the BTcommunication standard, but is applicable to various communicationnetwork systems utilizing diversity of other wireless communicationstandards.

INDUSTRIAL APPLICABILITY

The wireless communication network system of the invention is preferablyadopted in service industries that provide general users with diverseservices including print services in various public places, such asfamily restaurants.

1. A wireless communication network system including a base station andmultiple wireless communication terminals connecting with the basestation via a wireless network, the base station comprising: anidentification information management module that allocates multipledifferent pieces of identification information to be registeredrespectively in the multiple wireless communication terminals; and alink management module that manages a communication link between thebase station and each of the multiple wireless communication terminals,wherein in response to a request for connection authentication sent fromeach of the multiple wireless communication terminals to the basestation to establish a communication link, the link management modulereceives authentication information of each wireless communicationterminal, which is generated corresponding to a piece of identificationinformation allocated by the identification information managementmodule and registered in the wireless communication terminal, from thewireless communication terminal via the wireless network, the linkmanagement module compares the authentication information received fromthe wireless communication terminal with multiple possible options ofauthentication information generated corresponding to the multipledifferent pieces of identification information allocated by theidentification information management module, and authenticates thewireless communication terminal that has sent the authenticationinformation matching with one of the multiple possible options ofauthentication information, and the identification informationmanagement module manages a mapping of each specific piece ofidentification information, which corresponds to a specific option ofauthentication information matching with the authentication informationof the authenticated wireless communication terminal, to theauthenticated wireless communication terminal.
 2. A wirelesscommunication network system in accordance with claim 1, wherein thebase station further comprises: a process providing module thatrespectively provides the multiple wireless communication terminals withcorresponding multiple processes, and the identification informationmanagement module respectively notifies the multiple wirelesscommunication terminals of the multiple different pieces ofidentification information via the corresponding processes and manages amapping of the respective processes to the notified pieces ofidentification information, prior to the request for connectionauthentication sent from each of the multiple wireless communicationterminals to the base station.
 3. A wireless communication networksystem in accordance with either one of claims 1 and 2, wherein awireless communication standard adopted in the wireless network isBluetooth.
 4. A wireless communication network system including a basestation and multiple wireless communication terminals connecting withthe base station via a wireless network, the base station comprising: aprocess providing device that includes a process provider module forproviding multiple processes and a first wireless control module; and awireless communication device that includes a wireless communicationmodule and a second wireless control module, and is connected to theprocess providing device via a preset line and makes wirelesscommunication with each of the multiple wireless communication terminalsby the wireless communication module, the first wireless control modulecomprising: an identification information allocation management modulethat allocates multiple different pieces of first identificationinformation to the multiple processes and manages a mapping of themultiple processes to the allocated multiple different pieces of firstidentification information, the second wireless control modulecomprising: an identification information management module thatregisters and stores the multiple different pieces of firstidentification information allocated by the identification informationallocation management module; and a link management module that managesa communication link with each of the multiple wireless communicationterminals, wherein in response to a request for connectionauthentication sent from each of the multiple wireless communicationterminals to the base station to establish wireless communication, eachof the multiple wireless communication terminals generates secondauthentication information corresponding to each registered piece ofsecond identification information and sends the generated secondauthentication information to the base station via the wireless network,and the link management module receives the second authenticationinformation, generates multiple possible options of first authenticationinformation corresponding to the multiple different pieces of firstidentification information stored in the identification informationmanagement module, compares the received second authenticationinformation with the generated multiple possible options of firstauthentication information, and authenticates the wireless communicationterminal that has sent the second authentication information matchingwith one of the multiple possible options of first authenticationinformation.
 5. A wireless communication network system in accordancewith claim 4, wherein the identification information management modulemanages a mapping of each specific piece of first identificationinformation, which corresponds to a specific option of firstauthentication information matching with the second authenticationinformation of the authenticated wireless communication terminal, to theauthenticated wireless communication terminal.
 6. A wirelesscommunication network system in accordance with either one of claims 4and 5, wherein in response to a first control command defined in a logicinterface mounted on the preset line, the first wireless control modulenotifies the second wireless control module via the logic interface ofthe multiple different pieces of first identification information to beregistered in the identification information management module.
 7. Awireless communication network system in accordance with claim 6,wherein on registration of the multiple different pieces of firstidentification information in the identification information managementmodule, the second wireless control module notifies the first wirelesscontrol module via the logic interface of multiple different pieces ofspecific information, which respectively correspond to the registeredmultiple different pieces of first identification information, theidentification information allocation management module manages amapping of the multiple different pieces of first identificationinformation to the corresponding multiple different pieces of specificinformation, on authentication of each wireless communication terminalby the link management module, the second wireless control modulenotifies the first wireless control module via the logic interface of aparticular piece of specific information, which is mapped to aparticular piece of first identification information corresponding to aparticular possible option of first authentication information matchingwith the second authentication information, and the identificationinformation allocation management module identifies a processcorresponding to the particular piece of first identificationinformation mapped to the notified particular piece of specificinformation.
 8. A wireless communication network system in accordancewith claim 6, wherein in response to a second control command defined inthe logic interface, the second wireless control module notifies thefirst wireless control module via the logic interface of a particularpiece of first identification information, which corresponds to aparticular possible option of first authentication information matchingwith the second authentication information, and the identificationinformation allocation management module identifies a processcorresponding to the notified particular piece of first identificationinformation.
 9. A wireless communication network system in accordancewith either one of claims 4 and 5, wherein a wireless communicationstandard adopted in the wireless network is Bluetooth.
 10. A wirelesscommunication network system in accordance with claim 6, wherein awireless communication standard adopted in the wireless network isBluetooth, and the logic interface is a host control interface.
 11. Abase station that is connectable with multiple wireless communicationterminals via a communication network, the base station comprising: anidentification information management module that allocates multipledifferent pieces of identification information to be registeredrespectively in the multiple wireless communication terminals; and alink management module that manages a communication link between thebase station and each of the multiple wireless communication terminals,wherein in response to a request for connection authentication sent fromeach of the multiple wireless communication terminals to the basestation to establish a communication link, the link management modulereceives authentication information of each wireless communicationterminal, which is generated corresponding to a piece of identificationinformation allocated by the identification information managementmodule and registered in the wireless communication terminal, from thewireless communication terminal via the wireless network, the linkmanagement module compares the authentication information received fromthe wireless communication terminal with multiple possible options ofauthentication information generated corresponding to the multipledifferent pieces of identification information allocated by theidentification information management module, and authenticates thewireless communication terminal that has sent the authenticationinformation matching with one of the multiple possible options ofauthentication information, and the identification informationmanagement module manages a mapping of each specific piece ofidentification information, which corresponds to a specific option ofauthentication information matching with the authentication informationof the authenticated wireless communication terminal, to theauthenticated wireless communication terminal.
 12. A base station inaccordance with claim 11, the base station further comprising: a processproviding module that respectively provides the multiple wirelesscommunication terminals with corresponding multiple processes, whereinthe identification information management module respectively notifiesthe multiple wireless communication terminals of the multiple differentpieces of identification information via the corresponding processes andmanages a mapping of the respective processes to the notified pieces ofidentification information, prior to the request for connectionauthentication sent from each of the multiple wireless communicationterminals to the base station.
 13. A base station in accordance witheither one of claims 11 and 12, wherein a wireless communicationstandard adopted in the wireless network is Bluetooth.
 14. A basestation that is connectable with multiple wireless communicationterminals via a communication network, the base station comprising: aprocess providing device that includes a process provider module forproviding multiple processes and a first wireless control module; and awireless communication device that includes a wireless communicationmodule and a second wireless control module, and is connected to theprocess providing device via a preset line and makes wirelesscommunication with each of the multiple wireless communication terminalsby the wireless communication module, the first wireless control modulecomprising: an identification information allocation management modulethat allocates multiple different pieces of first identificationinformation to the multiple processes and manages a mapping of themultiple processes to the allocated multiple different pieces of firstidentification information, the second wireless control modulecomprising: an identification information management module thatregisters and stores the multiple different pieces of firstidentification information allocated by the identification informationallocation management module; and a link management module that managesa communication link with each of the multiple wireless communicationterminals, wherein in response to a request for connectionauthentication sent from each of the multiple wireless communicationterminals to the base station to establish wireless communication, eachof the multiple wireless communication terminals generates secondauthentication information corresponding to each registered piece ofsecond identification information and sends the generated secondauthentication information to the base station via the wireless network,and the link management module receives the second authenticationinformation, generates multiple possible options of first authenticationinformation corresponding to the multiple different pieces of firstidentification information stored in the identification informationmanagement module, compares the received second authenticationinformation with the generated multiple possible options of firstauthentication information, and authenticates the wireless communicationterminal that has sent the second authentication information matchingwith one of the multiple possible options of first authenticationinformation.
 15. A base station in accordance with claim 14, wherein theidentification information management module manages a mapping of eachspecific piece of first identification information, which corresponds toa specific option of first authentication information matching with thesecond authentication information of the authenticated wirelesscommunication terminal, to the authenticated wireless communicationterminal.
 16. A base station in accordance with either one of claims 14and 15, wherein in response to a first control command defined in alogic interface mounted on the preset line, the first wireless controlmodule notifies the second wireless control module via the logicinterface of the multiple different pieces of first identificationinformation to be registered in the identification informationmanagement module.
 17. A base station in accordance with claim 16,wherein on registration of the multiple different pieces of firstidentification information in the identification information managementmodule, the second wireless control module notifies the first wirelesscontrol module via the logic interface of multiple different pieces ofspecific information, which respectively correspond to the registeredmultiple different pieces of first identification information, theidentification information allocation management module manages amapping of the multiple different pieces of first identificationinformation to the corresponding multiple different pieces of specificinformation, on authentication of each wireless communication terminalby the link management module, the second wireless control modulenotifies the first wireless control module via the logic interface of aparticular piece of specific information, which is mapped to aparticular piece of first identification information corresponding to aparticular possible option of first authentication information matchingwith the second authentication information, and the identificationinformation allocation management module identifies a processcorresponding to the particular piece of first identificationinformation mapped to the notified particular piece of specificinformation.
 18. A base station in accordance with claim 16, wherein inresponse to a second control command defined in the logic interface, thesecond wireless control module notifies the first wireless controlmodule via the logic interface of a particular piece of firstidentification information, which corresponds to a particular possibleoption of first authentication information matching with the secondauthentication information, and the identification informationallocation management module identifies a process corresponding to thenotified particular piece of first identification information.
 19. Abase station in accordance with either one of claims 14 and 15, whereina wireless communication standard adopted in the wireless network isBluetooth.
 20. A base station in accordance with claim 16, wherein awireless communication standard adopted in the wireless network isBluetooth, and the logic interface is a host control interface.
 21. Anauthentication method for establishing a communication link between abase station and each of multiple wireless communication terminals,which are connected to the base station via a wireless network, theauthentication method comprising the steps of: allocating in advancemultiple different pieces of identification information to be registeredrespectively in the multiple wireless communication terminals; andreceiving authentication information of each wireless communicationterminal, which is generated corresponding to a piece of identificationinformation registered in the wireless communication terminal, from thewireless communication terminal via the wireless network; comparing theauthentication information received from the wireless communicationterminal with multiple possible options of authentication informationgenerated corresponding to the multiple different pieces ofidentification information, and authenticating the wirelesscommunication terminal that has sent the authentication informationmatching with one of the multiple possible options of authenticationinformation; and managing a mapping of each specific piece ofidentification information, which corresponds to a specific option ofauthentication information matching with the authentication informationof the authenticated wireless communication terminal, to theauthenticated wireless communication terminal.
 22. A computer programproduct that causes a computer installed in a base station to establisha communication link with each of multiple wireless communicationterminals via a wireless network, the computer program productcomprising: a computer readable medium; and a computer program that isstored on the computer readable medium, the computer program comprising:a first program of allocating in advance multiple different pieces ofidentification information to be registered respectively in the multiplewireless communication terminals; and a second program of receivingauthentication information of each wireless communication terminal,which is generated corresponding to a piece of identificationinformation registered in the wireless communication terminal, from thewireless communication terminal via the wireless network, comparing theauthentication information received from the wireless communicationterminal with multiple possible options of authentication informationgenerated corresponding to the multiple different pieces ofidentification information, authenticating the wireless communicationterminal that has sent the authentication information matching with oneof the multiple possible options of authentication information, andmanaging a mapping of each specific piece of identification information,which corresponds to a specific option of authentication informationmatching with the authentication information of the authenticatedwireless communication terminal, to the authenticated wirelesscommunication terminal.